<script language="JavaScript">
<!--
function _AN_global_var_init(){
	_AN_this_url = "/prx/000/";
	_AN_base_scheme = "https";
	_AN_base_host = "https://patch-diff.githubusercontent.com";
	_AN_base_path = "https://patch-diff.githubusercontent.com/raw/rails/jquery-ujs/pull/";
	_AN_encode_urls = 0;
	_AN_mpo = 1;
	_AN_md = 0;
	_AN_rel_urls = 1;
	_AN_nav_switch = 0;
	_AN_nav_allowurl = 1;
	_AN_nav_override = 0;
	_AN_has_iframe = 0;
	_AN_dbg_flags = null;
	_AN_nav_use_aaa = 1;
	_AN_expires_pass = 0;
	_AN_wrap_evthandlers = 0;
	_AN_rewrite_param_exact = 0;
	_AN_obj_params = {};
} 
_AN_global_var_init();
//-->
</script>
<script language="JavaScript" src="/prx/001/http/localh/an_util.js"></script>
<script language="JavaScript" src="/prx/001/http/localh/NSLib.js"></script>

From 09381a294e08a5f3c980f8e288f4b08ac7a41749 Mon Sep 17 00:00:00 2001
From: Dev <dev@Devs-MacBook-Pro-7.local>
Date: Wed, 5 Jun 2024 15:25:28 -0700
Subject: [PATCH] Fixed jquery-ujs vulnerbility issue

---
 src/rails.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/rails.js b/src/rails.js
index 0e27110..6db42b7 100644
--- a/src/rails.js
+++ b/src/rails.js
@@ -218,9 +218,9 @@
         target = link.attr('target'),
         csrfToken = rails.csrfToken(),
         csrfParam = rails.csrfParam(),
-        form = $('<form method="post" action="/prx/000/https/patch-diff.githubusercontent.com/raw/rails/jquery-ujs/pull/' + href + '"></form>'),
+        form = $('<form method="post"></form>'),
         metadataInput = '<input name="_method" value="' + method + '" type="hidden" />';
-
+      form.attr('action', href);
       if (csrfParam !== undefined && csrfToken !== undefined && !rails.isCrossDomain(href)) {
         metadataInput += '<input name="' + csrfParam + '" value="' + csrfToken + '" type="hidden" />';
       }
