Thanks. Will be interested for me too.

Kind Regards

Tony

Br Marcin

The warnings are actually 2 in cell edit module only and they refer to setTimeout which is used with zero delay – i.e

setTimeout(function(){…}, 0);

Your analyzes software think that this is dangerous, but actually it is not.

I can asure you that I will set the timeout to 1 something like this.

setTimeout(function(){…}, 1);

Just fixed the code in github.

Regards

It scans through code as well as through scripts and reports potential security issues

It has found 6 critical issues with jqGrid version 4.6.0

Dynamic Code Evaluation: Code Injection (Input Validation and Representation, Data flow)

1. The file grid.celledit.js interprets unvalidated user input as source code on line 53. Interpreting user-controlled instructions at run-time can allow attackers to execute malicious code.
2. The file grid.celledit.js interprets unvalidated user input as source code on line 87. Interpreting user-controlled instructions at run-time can allow attackers to execute malicious code.
3. The file jquery.jqGrid.js interprets unvalidated user input as source code on line 9959. Interpreting user-controlled instructions at run-time can allow attackers to execute malicious code.
4. The file jquery.jqGrid.js interprets unvalidated user input as source code on line 9993. Interpreting user-controlled instructions at run-time can allow attackers to execute malicious code.
5. The file jquery.jqGrid.src.js interprets unvalidated user input as source code on line 9959. Interpreting user-controlled instructions at run-time can allow attackers to execute malicious code.
6. The file jquery.jqGrid.src.js interprets unvalidated user input as source code on line 9993. Interpreting user-controlled instructions at run-time can allow attackers to execute malicious code.

For us it is very important to have secure code "live" otherwise we cannot use it. How are the chances this issues can be solved?

If you need any details please feel free to contact me!