Some samples use outdated ContentDefinition DataUri versions that contain an old and vulnerable version of jQuery
As mentioned in this StackOverflow question: https://stackoverflow.com/questions/52635930/azure-b2c-using-outdated-version-of-jquery-version-1-10-2/76183739#76183739, older content definition versions use an older jQuery that is vulnerable to XSS. I based my custom policies on basic knowledge of these templates and was not aware of this issue. Our customer only recently received this information thanks to a pen test.
It might be a good idea to make sure that all samples use at least the new content definition contract version, to prevent people like me from implementing less secure custom policies. I resolved this issue by updating our custom policies as explained in this chapter of the article: https://learn.microsoft.com/en-us/azure/active-directory-b2c/contentdefinitions#migrating-to-page-layout
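The check below is an added example, not code from this issue or from the samples repository. It scans a custom policy file for ContentDefinition elements whose DataUri still uses the legacy (pre page-layout) scheme, i.e. one without the `contract` segment, which is the form the migration chapter linked above moves away from. The policy XML is a constructed, minimal stand-in for a TrustFrameworkBase.xml; the namespace is the B2C TrustFrameworkPolicy namespace, and the DataUri version numbers in the sample are illustrative only, so take the target page-layout version from the Microsoft documentation rather than from this snippet.

```python
"""Flag Azure AD B2C ContentDefinition elements that still reference a legacy
(pre page-layout) DataUri.

Added example; not part of the issue or the samples repository. SAMPLE_POLICY is
a constructed stand-in for a TrustFrameworkBase.xml, and the version numbers in
it are illustrative, not a statement of which versions are current."""
import re
import xml.etree.ElementTree as ET

# Namespace used by B2C custom policy files (TrustFrameworkPolicy).
B2C_NS = {"b2c": "http://schemas.microsoft.com/online/cpim/schemas/2013/06"}

# Page-layout DataUris carry a "contract" segment and a semantic version:
#   urn:com:microsoft:aad:b2c:elements:contract:<element>:<major.minor.patch>
# Legacy DataUris omit "contract" and sit on the old 1.x templates.
PAGE_LAYOUT_RE = re.compile(
    r"^urn:com:microsoft:aad:b2c:elements:contract:"
    r"(?P<element>[a-z0-9.]+):(?P<version>\d+\.\d+\.\d+)$"
)
LEGACY_RE = re.compile(
    r"^urn:com:microsoft:aad:b2c:elements:"
    r"(?P<element>[a-z0-9.]+):(?P<version>\d+\.\d+\.\d+)$"
)

# Constructed sample: two legacy definitions and one already on a page layout.
SAMPLE_POLICY = """<TrustFrameworkPolicy
    xmlns="http://schemas.microsoft.com/online/cpim/schemas/2013/06"
    PolicySchemaVersion="0.3.0.0" TenantId="contoso.onmicrosoft.com"
    PolicyId="B2C_1A_TrustFrameworkBase">
  <BuildingBlocks>
    <ContentDefinitions>
      <ContentDefinition Id="api.signuporsignin">
        <LoadUri>~/tenant/templates/AzureBlue/unified.cshtml</LoadUri>
        <DataUri>urn:com:microsoft:aad:b2c:elements:unifiedssp:1.0.0</DataUri>
      </ContentDefinition>
      <ContentDefinition Id="api.localaccountsignup">
        <LoadUri>~/tenant/templates/AzureBlue/selfAsserted.cshtml</LoadUri>
        <DataUri>urn:com:microsoft:aad:b2c:elements:contract:selfasserted:2.1.0</DataUri>
      </ContentDefinition>
      <ContentDefinition Id="api.error">
        <LoadUri>~/tenant/templates/AzureBlue/exception.cshtml</LoadUri>
        <DataUri>urn:com:microsoft:aad:b2c:elements:globalexception:1.1.0</DataUri>
      </ContentDefinition>
    </ContentDefinitions>
  </BuildingBlocks>
</TrustFrameworkPolicy>
"""


def find_legacy_content_definitions(policy_xml: str) -> list:
    """Return (ContentDefinition Id, DataUri) pairs not on a page-layout version.

    Definitions without a DataUri element (extension-file overrides that inherit
    it from the base policy) are skipped; check the base file for those."""
    root = ET.fromstring(policy_xml)
    findings = []
    for cd in root.iterfind(".//b2c:ContentDefinition", B2C_NS):
        uri_el = cd.find("b2c:DataUri", B2C_NS)
        if uri_el is None:
            continue
        data_uri = (uri_el.text or "").strip()
        if PAGE_LAYOUT_RE.match(data_uri):
            continue
        findings.append((cd.get("Id"), data_uri))
    return findings


def to_page_layout_uri(data_uri: str, target_version: str) -> str:
    """Rewrite a legacy DataUri to the page-layout form at target_version.

    target_version is supplied by the caller from the documentation; this helper
    does not know which version is current. Already-migrated URIs pass through."""
    if PAGE_LAYOUT_RE.match(data_uri):
        return data_uri
    m = LEGACY_RE.match(data_uri)
    if not m:
        raise ValueError(f"unrecognised DataUri: {data_uri}")
    return (
        "urn:com:microsoft:aad:b2c:elements:contract:"
        f"{m.group('element')}:{target_version}"
    )


if __name__ == "__main__":
    for cd_id, uri in find_legacy_content_definitions(SAMPLE_POLICY):
        # "<VERSION>" is a placeholder; substitute the documented version.
        print(f"{cd_id}: {uri} -> {to_page_layout_uri(uri, '<VERSION>')}")
```

Run it against each policy file (base, extensions, relying-party) in turn; a clean run prints nothing. Because the script only decides on the URI scheme, it will not tell you whether a page-layout version is itself the latest, so the version comparison still has to be made against the Microsoft page-layout version list.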