Adjust jQuery('html') detection to only match when html starts with '…

…<' (counting space characters). Fixes #11290
jquery · Jun 20, 2012 · 239fc86 · 239fc86 · mikesherov · Jun 20, 2012
1 parent 286c4d9
commit 239fc86
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 6 deletions.
diff --git a/src/core.js b/src/core.js
@@ -40,9 +40,8 @@ var
 	trimRight = /\s+$/,
 
 	// A simple way to check for HTML strings
-	// Prioritize #id over <tag> to avoid XSS via location.hash (#9521)
-	// Ignore html if within quotes "" '' or brackets/parens [] ()
-	rhtmlString = /^(?:[^#<\\]*(<[\w\W]+>)(?![^\[]*\])(?![^\(]*\))(?![^']*')(?![^"]*")[^>]*$)/,
+	// If starts-with '<'
+	rhtmlString = /^\s*(<[\w\W]+>)[^>]*$/,
 
 	// Match a standalone tag
 	rsingleTag = /^<(\w+)\s*\/?>(?:<\/\1>)?$/,

diff --git a/test/unit/core.js b/test/unit/core.js
@@ -27,7 +27,7 @@ test("jQuery()", function() {
 		div = jQuery("<div/><hr/><code/><b/>"),
 		exec = false,
 		long = "",
-		expected = 26,
+		expected = 24,
 		attrObj = {
 			click: function() { ok( exec, "Click executed." ); },
 			text: "test",
@@ -132,14 +132,12 @@ test("jQuery()", function() {
 	elem.remove();
 
 	equal( jQuery(" <div/> ").length, 1, "Make sure whitespace is trimmed." );
-	equal( jQuery(" a<div/>b ").length, 1, "Make sure whitespace and other characters are trimmed." );
 
 	for ( i = 0; i < 128; i++ ) {
 		long += "12345678";
 	}
 
 	equal( jQuery(" <div>" + long + "</div> ").length, 1, "Make sure whitespace is trimmed on long strings." );
-	equal( jQuery(" a<div>" + long + "</div>b ").length, 1, "Make sure whitespace and other characters are trimmed on long strings." );
 });
 
 test("selector state", function() {