Skip to content
Permalink
Browse files

Adjust jQuery('html') detection to only match when html starts with '…

…<' (not counting space characters). Fixes #11290.
  • Loading branch information...
timmywil committed Jun 20, 2012
1 parent 452e327 commit 05531fc4080ae24070930d15ae0cea7ae056457d
Showing with 21 additions and 12 deletions.
  1. +2 −1 src/core.js
  2. +1 −1 src/sizzle
  3. +4 −8 test/unit/core.js
  4. +13 −1 test/unit/selector.js
  5. +1 −1 test/unit/traversing.js
@@ -49,7 +49,8 @@ var

// A simple way to check for HTML strings
// Prioritize #id over <tag> to avoid XSS via location.hash (#9521)
rquickExpr = /^(?:[^#<]*(<[\w\W]+>)[^>]*|#([\w-]*))$/,
// Strict HTML recognition (#11290: must start with <)
rquickExpr = /^(?:(<[\w\W]+>)[^>]*|#([\w-]*))$/,

// Match a standalone tag
rsingleTag = /^<(\w+)\s*\/?>(?:<\/\1>|)$/,
Submodule sizzle updated 2 files
+4 −19 speed/speed.js
+4 −0 test/unit/selector.js
@@ -27,7 +27,7 @@ test("jQuery()", function() {
div = jQuery("<div/><hr/><code/><b/>"),
exec = false,
lng = "",
expected = 26,
expected = 22,
attrObj = {
"click": function() { ok( exec, "Click executed." ); },
"text": "test",
@@ -139,15 +139,9 @@ test("jQuery()", function() {
// manually clean up detached elements
elem.remove();

equal( jQuery(" <div/> ").length, 1, "Make sure whitespace is trimmed." );
equal( jQuery(" a<div/>b ").length, 1, "Make sure whitespace and other characters are trimmed." );

for ( i = 0; i < 128; i++ ) {
lng += "12345678";
}

equal( jQuery(" <div>" + lng + "</div> ").length, 1, "Make sure whitespace is trimmed on long strings." );
equal( jQuery(" a<div>" + lng + "</div>b ").length, 1, "Make sure whitespace and other characters are trimmed on long strings." );
});

test( "selector state", function() {
@@ -1206,7 +1200,7 @@ test("jQuery.proxy", function(){
});

test("jQuery.parseHTML", function() {
expect( 12 );
expect( 13 );

var html, nodes;

@@ -1231,6 +1225,8 @@ test("jQuery.parseHTML", function() {

equal( jQuery.parseHTML("text")[0].nodeType, 3, "Parsing text returns a text node" );
equal( jQuery.parseHTML( "\t<div></div>" )[0].nodeValue, "\t", "Preserve leading whitespace" );

equal( jQuery.parseHTML(" <div/> ")[0].nodeType, 3, "Leading spaces are treated as text nodes (#11290)" );
});

test("jQuery.parseJSON", function(){
@@ -17,7 +17,7 @@ test("element - jQuery only", function() {
ok( jQuery("#length").length, "<input name=\"length\"> cannot be found under IE, see #945" );
ok( jQuery("#lengthtest input").length, "<input name=\"length\"> cannot be found under IE, see #945" );

//#7533
// #7533
equal( jQuery("<div id=\"A'B~C.D[E]\"><p>foo</p></div>").find("p").length, 1, "Find where context root is a node and has an ID with CSS3 meta characters" );
});

@@ -77,6 +77,18 @@ test("disconnected nodes", function() {
equal( $div.is("div"), true, "Make sure .is('nodeName') works on disconnect nodes." );
});

test("jQuery only - broken", 1, function() {
raises(function() {
// Setting context to null here somehow avoids QUnit's window.error handling
// making the e & e.message correct
// For whatever reason, without this,
// Sizzle.error will be called but no error will be seen in oldIE
jQuery.call( null, " <div/> " );
}, function( e ) {
return e.message.indexOf("Syntax error") >= 0;
}, "leading space invalid: $(' <div/> ')" );
});

testIframe("selector/html5_selector", "attributes - jQuery.attr", function( jQuery, window, document ) {
expect( 35 );

@@ -114,7 +114,7 @@ test("is() with positional selectors", function() {
"<p id='posp'><a class='firsta' href='#'><em>first</em></a><a class='seconda' href='#'><b>test</b></a><em></em></p>"
).appendTo( "body" ),
isit = function(sel, match, expect) {
equal( jQuery( sel ).is( match ), expect, "jQuery( " + sel + " ).is( " + match + " )" );
equal( jQuery( sel ).is( match ), expect, "jQuery('" + sel + "').is('" + match + "')" );
};

isit( "#posp", "#posp:first", true );

1 comment on commit 05531fc

@anarcat

This comment has been minimized.

Copy link

commented on 05531fc Jan 19, 2018

CVE-2012-6708 was assigned to track this issue.

Please sign in to comment.
You can’t perform that action at this time.