From 58a1e7b07d4c7c3c0c024549ef379c9ee6b026da Mon Sep 17 00:00:00 2001
From: npt-1707 <npthanh132@gmail.com>
Date: Fri, 8 May 2026 11:18:04 +0800
Subject: [PATCH] 
 scripts/eval/miniwob++/computergym/computergym/miniwob/miniwob_interface/html/core/jquery-ui/external/jquery/jquery.js:
 Ajax: Mitigate possible XSS vulnerability

---
 .../html/core/jquery-ui/external/jquery/jquery.js            | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/scripts/eval/miniwob++/computergym/computergym/miniwob/miniwob_interface/html/core/jquery-ui/external/jquery/jquery.js b/scripts/eval/miniwob++/computergym/computergym/miniwob/miniwob_interface/html/core/jquery-ui/external/jquery/jquery.js
index 7fc60fc..cba0c18 100644
--- a/scripts/eval/miniwob++/computergym/computergym/miniwob/miniwob_interface/html/core/jquery-ui/external/jquery/jquery.js
+++ b/scripts/eval/miniwob++/computergym/computergym/miniwob/miniwob_interface/html/core/jquery-ui/external/jquery/jquery.js
@@ -9293,6 +9293,11 @@ function ajaxConvert( s, response, jqXHR, isSuccess ) {
 			// Convert response if prev dataType is non-auto and differs from current
 			} else if ( prev !== "*" && prev !== current ) {
 
+				// Mitigate possible XSS vulnerability (gh-2432)
+				if ( s.crossDomain && current === "script" ) {
+					continue;
+				}
+
 				// Seek a direct converter
 				conv = converters[ prev + " " + current ] || converters[ "* " + current ];