Adjust jQuery('html') detection to only match when html starts with '<' (counting...

diff --git a/src/core.js b/src/core.js
index 1bf7e56039e73653ce9cc4f413a8c6cd7e810c7f..14a6539161e85bccab8418e026955a90c1e3272a 100644 (file)
--- a/src/core.js
+++ b/src/core.js
@@ -40,9 +40,8 @@ var
        trimRight = /\s+$/,
 
        // A simple way to check for HTML strings
-       // Prioritize #id over <tag> to avoid XSS via location.hash (#9521)
-       // Ignore html if within quotes "" '' or brackets/parens [] ()
-       rhtmlString = /^(?:[^#<\\]*(<[\w\W]+>)(?![^\[]*\])(?![^\(]*\))(?![^']*')(?![^"]*")[^>]*$)/,
+       // If starts-with '<'
+       rhtmlString = /^\s*(<[\w\W]+>)[^>]*$/,
 
        // Match a standalone tag
        rsingleTag = /^<(\w+)\s*\/?>(?:<\/\1>)?$/,

diff --git a/test/unit/core.js b/test/unit/core.js
index 0b392adf199bbb3cb9652b85649d62ccda9f677b..200f045dbec7b8011d87cf9dd8af4ef4627b6c44 100644 (file)
--- a/test/unit/core.js
+++ b/test/unit/core.js
@@ -27,7 +27,7 @@ test("jQuery()", function() {
                div = jQuery("<div/><hr/><code/><b/>"),
                exec = false,
                long = "",
-               expected = 26,
+               expected = 24,
                attrObj = {
                        click: function() { ok( exec, "Click executed." ); },
                        text: "test",
@@ -132,14 +132,12 @@ test("jQuery()", function() {
        elem.remove();
 
        equal( jQuery(" <div/> ").length, 1, "Make sure whitespace is trimmed." );
-       equal( jQuery(" a<div/>b ").length, 1, "Make sure whitespace and other characters are trimmed." );
 
        for ( i = 0; i < 128; i++ ) {
                long += "12345678";
        }
 
        equal( jQuery(" <div>" + long + "</div> ").length, 1, "Make sure whitespace is trimmed on long strings." );
-       equal( jQuery(" a<div>" + long + "</div>b ").length, 1, "Make sure whitespace and other characters are trimmed on long strings." );
 });
 
 test("selector state", function() {