From 6d711ad5dc34f9c9cd94d7b45cde9f938dbd7d45 Mon Sep 17 00:00:00 2001
From: navnitan-7
Date: Mon, 30 Mar 2026 17:54:58 +0530
Subject: [PATCH] Mitigate CVE-2015-9251 in vendored jQuery ajax converter
---
 docs/v2.10.0/_static/jquery-3.5.1.js | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/docs/v2.10.0/_static/jquery-3.5.1.js b/docs/v2.10.0/_static/jquery-3.5.1.js
index 50937333b9..e287eb4efd 100644
--- a/docs/v2.10.0/_static/jquery-3.5.1.js
+++ b/docs/v2.10.0/_static/jquery-3.5.1.js
@@ -9219,6 +9219,12 @@ function ajaxConvert( s, response, jqXHR, isSuccess ) {
 } else if ( prev !== "*" && prev !== current ) {
 // Seek a direct converter
+
+ // Mitigate possible XSS vulnerability (gh-2432)
+ if ( s.crossDomain && current === "script" ) {
+ continue;
+ }
+
 conv = converters[ prev + " " + current ] || converters[ "* " + current ];
 // If none found, seek a pair
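Review bot: The added comment `// Mitigate possible XSS vulnerability (gh-2432)` does not mark the guard as a local change, and the file keeps the name jquery-3.5.1.js, so the shipped copy silently diverges from the upstream 3.5.1 release. A comment such as `// LOCAL PATCH, not in upstream 3.5.1: skip converting cross-domain responses to "script" (CVE-2015-9251, gh-2432)` would make that visible to whoever next refreshes or integrity-checks the vendored file. To my knowledge upstream addressed CVE-2015-9251 in the 3.0.0 line by disabling automatic script evaluation for cross-domain requests, so it is worth confirming that 3.5.1 is actually affected before carrying this guard. Only the unminified file is changed here; if the docs pages load a minified copy, it would need the same treatment, which this diff does not show. The loop that the `continue` returns to lies in the part of `ajaxConvert` outside the hunk, so its effect on the remaining dataTypes cannot be checked from these lines.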