Link manipulation (DOM-based) - JQuery Mobile

Hi all, 

we use jquery.mobile-1.4.5.min.js in our application.
A Burp scan found a Link manipulation (DOM-based) vulnerability in the JQuery Mobile sources:


Link manipulation (DOM-based):
Issue detail
The application may be vulnerable to DOM-based link manipulation. Data is read from location.pathname and passed to the 'href' property of a DOM element via the following statement:
e[0].href=g||location.pathname
from:

return e.length?g=e.attr("href"):e=f=a("<base>",{href:d}).appendTo("head"),b=a("<a href='testurl' />").prependTo(m),c=b[0].href,e[0].href=g||location.pathname,f&&f.remove(),0===c.indexOf(d)


Here is a comment from Burp People:

"could potentially be an open redirection if you can inject a custom path. For example: //redirect-host.com/

It’s unlikely this happens on most sites since you would hit a 404 for “redirect-host.com” but may work if the site you are testing has the JavaScript on the 404 page for example."



Could someone tell me if these are real JQuery Mobile issues and bugs are needed for jquery-mobile, or if the findings are false positives?

Thanks, 
Olga.
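
Added example, not part of the original post and not jQuery Mobile code: it models the flagged assignment with the WHATWG URL parser to show why a pathname that begins with "//" resolves to another host, next to a same-origin check a developer could apply before writing the value to href. The host app.example, the sample URLs and the function names are constructed for illustration.

```javascript
// Models the sink reported by the scanner:
//   e[0].href = g || location.pathname
// The WHATWG URL parser resolves a relative reference the same way the
// browser does when a string is assigned to an element's href property.

// Constructed sample page URLs; app.example is a placeholder host.
const ORDINARY_PAGE = "https://app.example/shop/cart";
const DOUBLE_SLASH_PAGE = "https://app.example//redirect-host.com/";

// What href becomes when the page's own pathname is assigned unchanged.
function resolvedHref(pageUrl) {
  const page = new URL(pageUrl);
  // A pathname starting with "//" is parsed as a scheme-relative URL,
  // so its first segment is treated as a host name.
  return new URL(page.pathname, page.href).href;
}

// True when the resolved href still points at the page's own origin.
function staysOnOrigin(pageUrl, href) {
  return new URL(href).origin === new URL(pageUrl).origin;
}

// Hardened variant: force the value to be parsed as a path by collapsing
// leading slashes, then verify the origin before using the result.
function safeHref(pageUrl) {
  const page = new URL(pageUrl);
  const path = "/" + page.pathname.replace(/^\/+/, "");
  const target = new URL(path, page.origin);
  if (target.origin !== page.origin) {
    throw new Error("href left the page origin: " + target.href);
  }
  return target.href;
}

for (const url of [ORDINARY_PAGE, DOUBLE_SLASH_PAGE]) {
  const href = resolvedHref(url);
  console.log(url, "->", href, "same origin:", staysOnOrigin(url, href));
  console.log("  hardened ->", safeHref(url));
}
```

Whether the double-slash URL is reachable at all depends on the application serving this script on that path, which is the condition the quoted Burp comment describes for 404 pages.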