Added XSS protection to jQuery prior to 3.x for cross-domain requestS

layouts/v7/resources/application.js

@@ -537,4 +537,20 @@ jQuery(function () {
 			modal_this.$element.focus()
 		}
 	})};
-});
\ No newline at end of file
+});
+
+/**
+ * Pre-filter Ajax requests to guard against XSS attacks.
+ *
+ * See https://github.com/jquery/jquery/issues/2432
+ */
+if (jQuery.ajaxPrefilter) {
+  // For newer versions of jQuery, use an Ajax prefilter to prevent
+  // auto-executing script tags from untrusted domains. This is similar to the
+  // fix that is built in to jQuery 3.0 and higher.
+  jQuery.ajaxPrefilter(function (s) {
+    if (s.crossDomain) {
+      s.contents.script = false;
+    }
+  });
+}