Skip to content
Permalink
Browse files

Don't cache non-html strings in buildFragment to avoid possible colli…

…sion with the names of Object methods like toString. Also makes the unit tests 0.5% to 8% faster. Fixes #6779.
  • Loading branch information...
dmethvin authored and csnover committed Dec 27, 2010
1 parent 64ee558 commit 5fd21fc02bda43d4e31bcf2d5b55b918a9190a7f
Showing with 19 additions and 2 deletions.
  1. +2 −2 src/manipulation.js
  2. +17 −0 test/unit/manipulation.js
@@ -440,12 +440,12 @@ jQuery.buildFragment = function( args, nodes, scripts ) {
var fragment, cacheable, cacheresults,
doc = (nodes && nodes[0] ? nodes[0].ownerDocument || nodes[0] : document);

// Only cache "small" (1/2 KB) strings that are associated with the main document
// Only cache "small" (1/2 KB) HTML strings that are associated with the main document
// Cloning options loses the selected state, so don't cache them
// IE 6 doesn't like it when you put <object> or <embed> elements in a fragment
// Also, WebKit does not clone 'checked' attributes on cloneNode, so don't cache
if ( args.length === 1 && typeof args[0] === "string" && args[0].length < 512 && doc === document &&
!rnocache.test( args[0] ) && (jQuery.support.checkClone || !rchecked.test( args[0] )) ) {
args[0].charAt(0) === "<" && !rnocache.test( args[0] ) && (jQuery.support.checkClone || !rchecked.test( args[0] )) ) {

cacheable = true;
cacheresults = jQuery.fragments[ args[0] ];
@@ -1247,3 +1247,20 @@ test("jQuery.cleanData", function() {
return div;
}
});

test("jQuery.buildFragment - no plain-text caching (Bug #6779)", function() {
expect(1);

// DOM manipulation fails if added text matches an Object method
var $f = jQuery( "<div />" ).appendTo( "#main" ),
bad = [ "start-", "toString", "hasOwnProperty", "append", "here&there!", "-end" ];

for ( var i=0; i < bad.length; i++ ) {
try {
$f.append( bad[i] );
}
catch(e) {}
}
equals($f.text(), bad.join(''), "Cached strings that match Object properties");
$f.remove();
});

0 comments on commit 5fd21fc

Please sign in to comment.
You can’t perform that action at this time.