From 9fa8fadbc898b1d5216ae3df2b6de7ea4c8643b4 Mon Sep 17 00:00:00 2001 From: Andreas Fernandez Date: Mon, 14 Jun 2021 15:04:53 +0200 Subject: [PATCH] [TASK] Reflect patched jQuery state Documents the fact that bundled jQuery v3.4.1 actually has been patched to reflect security changes for jQuery v3.5.1 - but besides that still behaves like v3.4.1 in terms of backward compatibility. Resolves: #94337 Releases: 10.4, 9.5 Change-Id: I00395f9307d16ee5d740a975017242587546f516 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/69488 Tested-by: core-ci Tested-by: Simon Gilli Tested-by: Andreas Fernandez Reviewed-by: Simon Gilli Reviewed-by: Oliver Hader Reviewed-by: Andreas Fernandez --- Build/patches/jquery+3.4.1.patch | 63 +++++++++++++------ .../JavaScript/Contrib/jquery/jquery.js | 8 ++- 2 files changed, 51 insertions(+), 20 deletions(-) diff --git a/Build/patches/jquery+3.4.1.patch b/Build/patches/jquery+3.4.1.patch index e1e569ac1d8a..161391e98559 100644 --- a/Build/patches/jquery+3.4.1.patch +++ b/Build/patches/jquery+3.4.1.patch @@ -1,36 +1,63 @@ diff --git a/node_modules/jquery/dist/jquery.js b/node_modules/jquery/dist/jquery.js -index 773ad95..ef1eb73 100644 +index 773ad95..e5d2ccf 100644 --- a/node_modules/jquery/dist/jquery.js 
+++ b/node_modules/jquery/dist/jquery.js -@@ -4722,9 +4722,6 @@ +@@ -1,5 +1,5 @@ + /*! +- * jQuery JavaScript Library v3.4.1 ++ * jQuery JavaScript Library v3.4.1+security1 + * https://jquery.com/ + * + * Includes Sizzle.js +@@ -10,6 +10,10 @@ + * https://jquery.org/license + * + * Date: 2019-05-01T21:04Z ++ * ++ * + security1 patch: CVE-2020-11022 & CVE-2020-11023 ++ * - https://github.com/DanielRuf/snyk-js-jquery-565129 ++ * - behaves like jQuery v3.5.1 + */ + ( function( global, factory ) { + +@@ -142,7 +146,7 @@ function toType( obj ) { + + + var +- version = "3.4.1", ++ version = "3.4.1+security1", + + // Define a local copy of jQuery + jQuery = function( selector, context ) { +@@ -4722,9 +4726,6 @@ var rscriptType = ( /^$|^module$|\/(?:java|ecma)script/i ); // We have to close these tags to support XHTML (#13200) var wrapMap = { - + - // Support: IE <=9 only - option: [ 1, "" ], - // XHTML parsers do not magically insert elements in the // same way that tag soup parsers do. So we cannot shorten // this by omitting or other required elements. -@@ -4736,12 +4733,14 @@ +@@ -4736,12 +4737,14 @@ var wrapMap = { _default: [ 0, "", "" ] }; - + -// Support: IE <=9 only -wrapMap.optgroup = wrapMap.option; - wrapMap.tbody = wrapMap.tfoot = wrapMap.colgroup = wrapMap.caption = wrapMap.thead; wrapMap.th = wrapMap.td; - + +// Support: IE <=9 only +if ( !support.option ) { + wrapMap.optgroup = wrapMap.option = [ 1, "" ]; +} + - + function getAll( context, tag ) { - -@@ -4897,6 +4896,12 @@ + +@@ -4897,6 +4900,12 @@ function buildFragment( elems, context, scripts, selection, ignored ) { // Make sure textarea (and checkbox) defaultValue is properly cloned div.innerHTML = ""; support.noCloneChecked = !!div.cloneNode( true ).lastChild.defaultValue; 
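Review bot: The added header line `* - behaves like jQuery v3.5.1` overstates what the patch changes and reads as contradicting the commit message, which says the bundle otherwise still behaves like v3.4.1. The inner hunks only touch `wrapMap`, the new `support.option` test and `htmlPrefilter` (which now returns `html` unchanged), so I would word it as `* - htmlPrefilter and wrapMap match jQuery v3.5.1; everything else is v3.4.1`. That wording also tells integrators that markup relying on the old self-closing-tag expansion is no longer rewritten. The same header line is added in the `@@ -10,6 +10,10 @@` hunk of `Contrib/jquery/jquery.js`, so it should change in both places.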
@@ -41,28 +68,28 @@ index 773ad95..ef1eb73 100644 + div.innerHTML = ""; + support.option = !!div.lastChild; } )(); - - -@@ -5771,11 +5771,6 @@ jQuery.fn.extend( { - + + +@@ -5771,11 +5780,6 @@ jQuery.fn.extend( { + var - + - /* eslint-disable max-len */ - - // See https://github.com/eslint/eslint/issues/3229 - rxhtmlTag = /<(?!area|br|col|embed|hr|img|input|link|meta|param)(([a-z][^\/\0>\x20\t\r\n\f]*)[^>]*)\/>/gi, - /* eslint-enable */ - + // Support: IE <=10 - 11, Edge 12 - 13 only -@@ -5976,7 +5971,7 @@ function remove( elem, selector, keepData ) { - +@@ -5976,7 +5980,7 @@ function remove( elem, selector, keepData ) { + jQuery.extend( { htmlPrefilter: function( html ) { - return html.replace( rxhtmlTag, "<$1>" ); + return html; }, - + clone: function( elem, dataAndEvents, deepDataAndEvents ) { diff --git a/node_modules/jquery/dist/jquery.min.js b/node_modules/jquery/dist/jquery.min.js index a1c07fd..aebe828 100644 diff --git a/typo3/sysext/core/Resources/Public/JavaScript/Contrib/jquery/jquery.js b/typo3/sysext/core/Resources/Public/JavaScript/Contrib/jquery/jquery.js index b836095272c2..e5d2ccfc30cc 100644 --- a/typo3/sysext/core/Resources/Public/JavaScript/Contrib/jquery/jquery.js +++ b/typo3/sysext/core/Resources/Public/JavaScript/Contrib/jquery/jquery.js @@ -1,5 +1,5 @@ /*! - * jQuery JavaScript Library v3.4.1 + * jQuery JavaScript Library v3.4.1+security1 * https://jquery.com/ * * Includes Sizzle.js @@ -10,6 +10,10 @@ * https://jquery.org/license * * Date: 2019-05-01T21:04Z + * + * + security1 patch: CVE-2020-11022 & CVE-2020-11023 + * - https://github.com/DanielRuf/snyk-js-jquery-565129 + * - behaves like jQuery v3.5.1 */ ( function( global, factory ) { @@ -142,7 +146,7 @@ function toType( obj ) { var - version = "3.4.1", + version = "3.4.1+security1", // Define a local copy of jQuery jQuery = function( selector, context ) {
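Review bot: The `jquery.min.js` section of the patch is carried here as unchanged context (`index a1c07fd..aebe828` is the same on both sides), so the minified build appears to keep the plain `3.4.1` banner and `version` string while `jquery.js` now reports `3.4.1+security1`. Anyone auditing a deployment by `jQuery.fn.jquery` or by the file banner would get different answers depending on which file is loaded, and a version-based scanner would presumably still report the minified copy as affected by CVE-2020-11022 and CVE-2020-11023. Consider applying the same marker to the minified file, or stating in the header comment that only the unminified build is labelled. The rest of the min.js section lies outside this hunk, so this is inferred from the unchanged index line and the two-file diffstat.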