diff --git a/.stylelintrc b/.stylelintrc
index dac9edbf4386..fce97867fc27 100644
--- a/.stylelintrc
+++ b/.stylelintrc
@@ -261,7 +261,14 @@
"fill",
"stroke"
],
- "property-blacklist": ["transition"],
+ "property-blacklist": [
+ "border-radius",
+ "border-top-left-radius",
+ "border-top-right-radius",
+ "border-bottom-right-radius",
+ "border-bottom-left-radius",
+ "transition"
+ ],
"property-no-vendor-prefix": true,
"rule-empty-line-before": null,
"scss/at-function-named-arguments": "never",
diff --git a/_config.yml b/_config.yml
index 1cb0c816da29..10c4b4a58e40 100644
--- a/_config.yml
+++ b/_config.yml
@@ -38,6 +38,7 @@ current_ruby_version: 4.2.1
docs_version: 4.2
repo: "https://github.com/twbs/bootstrap"
slack: "https://bootstrap-slack.herokuapp.com"
+opencollective: "https://opencollective.com/bootstrap"
blog: "https://blog.getbootstrap.com"
expo: "https://expo.getbootstrap.com"
themes: "https://themes.getbootstrap.com"
diff --git a/js/src/util.js b/js/src/util.js
index 0d434c4c515c..c3e23e81747b 100644
--- a/js/src/util.js
+++ b/js/src/util.js
@@ -82,7 +82,11 @@ const Util = {
selector = hrefAttr && hrefAttr !== '#' ? hrefAttr.trim() : ''
}
- return selector && document.querySelector(selector) ? selector : null
+ try {
+ return document.querySelector(selector) ? selector : null
+ } catch (err) {
+ return null
+ }
},
getTransitionDurationFromElement(element) {
diff --git a/js/tests/unit/modal.js b/js/tests/unit/modal.js
index 782a86eea09f..4d7682aaa7db 100644
--- a/js/tests/unit/modal.js
+++ b/js/tests/unit/modal.js
@@ -619,40 +619,37 @@ $(function () {
assert.expect(1)
var done = assert.async()
- try {
- var $toggleBtn = $('')
- .appendTo('#qunit-fixture')
+ var $toggleBtn = $('')
+ .appendTo('#qunit-fixture')
- $toggleBtn.trigger('click')
- } catch (e) {
+ $toggleBtn.trigger('click')
+ setTimeout(function () {
assert.strictEqual($('#modal-test').length, 0, 'target has not been parsed and added to the document')
done()
- }
+ }, 0)
})
QUnit.test('should not execute js from target', function (assert) {
assert.expect(0)
var done = assert.async()
- try {
- // This toggle button contains XSS payload in its data-target
- // Note: it uses the onerror handler of an img element to execute the js, because a simple script element does not work here
- // a script element works in manual tests though, so here it is likely blocked by the qunit framework
- var $toggleBtn = $('')
- .appendTo('#qunit-fixture')
- // The XSS payload above does not have a closure over this function and cannot access the assert object directly
- // However, it can send a click event to the following control button, which will then fail the assert
- $('