Permalink
Browse files

Adjust jQuery('html') detection to only match when html starts with '…

…<' (not counting space characters). Fixes #11290.
  • Loading branch information...
1 parent 452e327 commit 05531fc4080ae24070930d15ae0cea7ae056457d timmywil committed with Timmy Willison Jun 20, 2012
Showing with 21 additions and 12 deletions.
  1. +2 −1 src/core.js
  2. +1 −1 src/sizzle
  3. +4 −8 test/unit/core.js
  4. +13 −1 test/unit/selector.js
  5. +1 −1 test/unit/traversing.js
View
@@ -49,7 +49,8 @@ var
// A simple way to check for HTML strings
// Prioritize #id over <tag> to avoid XSS via location.hash (#9521)
- rquickExpr = /^(?:[^#<]*(<[\w\W]+>)[^>]*|#([\w-]*))$/,
+ // Strict HTML recognition (#11290: must start with <)
+ rquickExpr = /^(?:(<[\w\W]+>)[^>]*|#([\w-]*))$/,
// Match a standalone tag
rsingleTag = /^<(\w+)\s*\/?>(?:<\/\1>|)$/,
View
@@ -27,7 +27,7 @@ test("jQuery()", function() {
div = jQuery("<div/><hr/><code/><b/>"),
exec = false,
lng = "",
- expected = 26,
+ expected = 22,
attrObj = {
"click": function() { ok( exec, "Click executed." ); },
"text": "test",
@@ -139,15 +139,9 @@ test("jQuery()", function() {
// manually clean up detached elements
elem.remove();
- equal( jQuery(" <div/> ").length, 1, "Make sure whitespace is trimmed." );
- equal( jQuery(" a<div/>b ").length, 1, "Make sure whitespace and other characters are trimmed." );
-
for ( i = 0; i < 128; i++ ) {
lng += "12345678";
}
-
- equal( jQuery(" <div>" + lng + "</div> ").length, 1, "Make sure whitespace is trimmed on long strings." );
- equal( jQuery(" a<div>" + lng + "</div>b ").length, 1, "Make sure whitespace and other characters are trimmed on long strings." );
});
test( "selector state", function() {
@@ -1206,7 +1200,7 @@ test("jQuery.proxy", function(){
});
test("jQuery.parseHTML", function() {
- expect( 12 );
+ expect( 13 );
var html, nodes;
@@ -1231,6 +1225,8 @@ test("jQuery.parseHTML", function() {
equal( jQuery.parseHTML("text")[0].nodeType, 3, "Parsing text returns a text node" );
equal( jQuery.parseHTML( "\t<div></div>" )[0].nodeValue, "\t", "Preserve leading whitespace" );
+
+ equal( jQuery.parseHTML(" <div/> ")[0].nodeType, 3, "Leading spaces are treated as text nodes (#11290)" );
});
test("jQuery.parseJSON", function(){
View
@@ -17,7 +17,7 @@ test("element - jQuery only", function() {
ok( jQuery("#length").length, "<input name=\"length\"> cannot be found under IE, see #945" );
ok( jQuery("#lengthtest input").length, "<input name=\"length\"> cannot be found under IE, see #945" );
- //#7533
+ // #7533
equal( jQuery("<div id=\"A'B~C.D[E]\"><p>foo</p></div>").find("p").length, 1, "Find where context root is a node and has an ID with CSS3 meta characters" );
});
@@ -77,6 +77,18 @@ test("disconnected nodes", function() {
equal( $div.is("div"), true, "Make sure .is('nodeName') works on disconnect nodes." );
});
+test("jQuery only - broken", 1, function() {
+ raises(function() {
+ // Setting context to null here somehow avoids QUnit's window.error handling
+ // making the e & e.message correct
+ // For whatever reason, without this,
+ // Sizzle.error will be called but no error will be seen in oldIE
+ jQuery.call( null, " <div/> " );
+ }, function( e ) {
+ return e.message.indexOf("Syntax error") >= 0;
+ }, "leading space invalid: $(' <div/> ')" );
+});
+
testIframe("selector/html5_selector", "attributes - jQuery.attr", function( jQuery, window, document ) {
expect( 35 );
View
@@ -114,7 +114,7 @@ test("is() with positional selectors", function() {
"<p id='posp'><a class='firsta' href='#'><em>first</em></a><a class='seconda' href='#'><b>test</b></a><em></em></p>"
).appendTo( "body" ),
isit = function(sel, match, expect) {
- equal( jQuery( sel ).is( match ), expect, "jQuery( " + sel + " ).is( " + match + " )" );
+ equal( jQuery( sel ).is( match ), expect, "jQuery('" + sel + "').is('" + match + "')" );
};
isit( "#posp", "#posp:first", true );

0 comments on commit 05531fc

Please sign in to comment.