There is an open issue for jQuery Form that indicates that it may contain a theoretical Cross-site Scripting (XSS) vulnerability: https://github.com/jquery-form/form/pull/586 We do not believe that Backdrop is exploitable, but we could include a security hardening that would protect Backdrop against any potential threat.