-
-
Notifications
You must be signed in to change notification settings - Fork 7
feat(HikVision): add auto check jQuery plugin #777
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Changes from all commits
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|
@@ -5,6 +5,10 @@ export async function init(id) { | |||||||||||||||||||||||
| await addScript('./_content/BootstrapBlazor.HikVision/jsVideoPlugin-1.0.0.min.js'); | ||||||||||||||||||||||||
| await addScript('./_content/BootstrapBlazor.HikVision/webVideoCtrl.js'); | ||||||||||||||||||||||||
|
|
||||||||||||||||||||||||
| if (window.$ === void 0) { | ||||||||||||||||||||||||
| await addScript('./_content/BootstrapBlazor.HikVision/jquery-1.7.1.min.js'); | ||||||||||||||||||||||||
|
||||||||||||||||||||||||
| await addScript('./_content/BootstrapBlazor.HikVision/jquery-1.7.1.min.js'); | |
| // Updated to jQuery 3.7.1 for security reasons (CVE-2012-6708, CVE-2015-9251, CVE-2019-11358, CVE-2020-11022, CVE-2020-11023) | |
| // If the HikVision plugin fails with this version, revert to 1.7.1 and document the risk. | |
| await addScript('./_content/BootstrapBlazor.HikVision/jquery-3.7.1.min.js'); |
Copilot
AI
Dec 4, 2025
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The jQuery check and loading happens after loading webVideoCtrl.js, but webVideoCtrl.js depends on jQuery. The file contains extensive jQuery usage (e.g., $, $("#"+id), $.each, etc.). This creates a race condition where webVideoCtrl.js will execute before jQuery is available, causing runtime errors.
jQuery should be loaded first, before any scripts that depend on it. Move the jQuery check and loading to lines 5-7, before the jsVideoPlugin and webVideoCtrl scripts.
| await addScript('./_content/BootstrapBlazor.HikVision/jsVideoPlugin-1.0.0.min.js'); | |
| await addScript('./_content/BootstrapBlazor.HikVision/webVideoCtrl.js'); | |
| if (window.$ === void 0) { | |
| await addScript('./_content/BootstrapBlazor.HikVision/jquery-1.7.1.min.js'); | |
| } | |
| if (window.$ === void 0) { | |
| await addScript('./_content/BootstrapBlazor.HikVision/jquery-1.7.1.min.js'); | |
| } | |
| await addScript('./_content/BootstrapBlazor.HikVision/jsVideoPlugin-1.0.0.min.js'); | |
| await addScript('./_content/BootstrapBlazor.HikVision/webVideoCtrl.js'); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
🚨 issue (security): Loading jQuery 1.7.1 introduces potential security and compatibility concerns; consider a more recent version if possible.
jQuery 1.7.1 has known security issues and poor support in modern browsers. If you can change this dependency, please use a supported jQuery version (1.x LTS or newer) that remains compatible with the HikVision plugin to avoid relying on a vulnerable library.