From a3fc6fc46934c546e109ec1db52f61df1bf935b7 Mon Sep 17 00:00:00 2001
From: "James D. Forrester"
Date: Thu, 25 Apr 2019 16:12:52 -0500
Subject: [PATCH] SECURITY: resources: Patch jQuery 3.2.1 for CVE-2019-11358

Patch taken from https://github.com/DanielRuf/snyk-js-jquery-174006?files=1.

Bug: T221739
Change-Id: I99c2be81c74a8f1d35c421f0ee43c75efb30a7d0
---
 resources/lib/jquery/jquery.js | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/resources/lib/jquery/jquery.js b/resources/lib/jquery/jquery.js
index d2d8ca4790..2cf479de85 100644
--- a/resources/lib/jquery/jquery.js
+++ b/resources/lib/jquery/jquery.js
@@ -229,8 +229,9 @@ jQuery.extend = jQuery.fn.extend = function() {
 src = target[ name ];
 copy = options[ name ];
+ // Prevent Object.prototype pollution
 // Prevent never-ending loop
- if ( target === copy ) {
+ if ( name === "__proto__" || target === copy ) {
 continue;
 }
-- 
2.20.1
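Review bot: The added comment `// Prevent Object.prototype pollution` does not mark this line as a local change to the vendored jQuery 3.2.1 file, so a later re-sync of resources/lib/jquery/jquery.js from an unpatched upstream copy would silently drop the `name === "__proto__"` guard. I would make the comment traceable, for example `// Local patch for CVE-2019-11358 (T221739): skip "__proto__" so a deep extend cannot write to Object.prototype`. The file's version banner is outside the hunk, so presumably it still reads 3.2.1 and version-based dependency scanners will keep reporting the CVE; it is worth recording the patch wherever the project tracks its vendored libraries. The diffstat shows no test change; a regression test asserting that a deep `jQuery.extend` of parsed JSON carrying a `__proto__` key leaves a fresh `{}` without the extra property would keep the guard from being lost. The body of jQuery.extend starts and ends outside the hunk.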