diff --git a/modules/apps/frontend-js/frontend-js-jquery-web/src/main/resources/META-INF/resources/jquery/form.js b/modules/apps/frontend-js/frontend-js-jquery-web/src/main/resources/META-INF/resources/jquery/form.js
index bb6c3dd3ab38f8..75105872286038 100644
--- a/modules/apps/frontend-js/frontend-js-jquery-web/src/main/resources/META-INF/resources/jquery/form.js
+++ b/modules/apps/frontend-js/frontend-js-jquery-web/src/main/resources/META-INF/resources/jquery/form.js
@@ -16,7 +16,7 @@
 /*!
  * jQuery Form Plugin
- * version: 3.51.0-2014.06.20
+ * version: 3.51.0.LIFERAY-PATCHED-ISSUE-586
  * Requires jQuery v1.5 or later
  * Copyright (c) 2014 M. Alsup
  * Examples and documentation at: http://malsup.com/jquery/form/
@@ -243,6 +243,14 @@
 var oldSuccess = options.success || function () {};
 callbacks.push(function (data) {
 var fn = options.replaceTarget ? 'replaceWith' : 'html';
+
+ // Validate `data` through `HTML encoding` when passed `data` is passed
+ // to `html()`, as suggested in https://github.com/jquery-form/form/issues/464
+
+ data = options.replaceTarget
+ ? data
+ : $.parseHTML($('
').text(data).html());
+
 $(options.target)[fn](data).each(oldSuccess, arguments);
 });
 }
@@ -1076,8 +1084,12 @@
 var parseJSON = $.parseJSON || function (s) {
- /*jslint evil:true */
- return window['eval']('(' + s + ')');
+
+ // Throw an error instead of making a new function using unsanitized inputs to avoid XSS attacks
+
+ window.console.error('jquery.parseJSON is undefined');
+
+ return null;
 };
 var httpData = function (xhr, type, s) {
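Review bot: The escaped-then-parsed `data` on the `: $.parseHTML(...)` line can only produce a text node, because `$(…).text(data).html()` yields a string with no markup, so the non-`replaceTarget` branch is now equivalent to `$(options.target).text(data)` and any markup in the response is shown literally instead of being injected; if that is the intent, the clearer form is `var fn = options.replaceTarget ? 'replaceWith' : 'text';` with the `data =` reassignment dropped. The `replaceTarget` branch still hands the raw response to `replaceWith`, so the unescaped-HTML path the comment is concerned with remains open on that branch; either treat both branches alike or document why `replaceWith` is considered safe here. The added comment should also say what the code does rather than "when passed `data` is passed", e.g. `// Render the response as text, not HTML, when it is written with html(); see jquery-form/form#464`. The argument to `$(` on that line did not survive on this page (presumably a throwaway element such as `$('<div/>')`), and the enclosing function starts before the hunk.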
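Review bot: The comment on the new `parseJSON` fallback says it throws, but the code only logs `'jquery.parseJSON is undefined'` and returns `null`, so every JSON response on a jQuery build without `$.parseJSON` silently becomes `null` for the `httpData` helper that begins on the last line of this hunk and continues past it. `JSON.parse` is available wherever this plugin runs and, like `$.parseJSON`, throws on malformed input, so the fallback should be `var parseJSON = $.parseJSON || function (s) { return JSON.parse(s); };`, which removes the eval path without changing the function's contract. If a build really had neither, throwing an `Error` would be the consistent response rather than a `console.error` plus `null`, and `window.console` itself may not exist on every runtime this file is meant to support.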