Core: use document.implemenation.createHTMLDocument in jQuery.parseHTML
authorFrederic Hemberger <mail@frederic-hemberger.de>
Tue, 9 Dec 2014 20:13:46 +0000 (15:13 -0500)
committerTimmy Willison <timmywillisn@gmail.com>
Tue, 9 Dec 2014 20:19:01 +0000 (15:19 -0500)
Close gh-1505

src/core.js
src/core/parseHTML.js
src/core/support.js [new file with mode: 0644]
test/unit/core.js
test/unit/support.js

index fa8436a01220af92ad24914a4af1db0a78be30f1..dab633f9c26c665fadccd6d7480c15fcf814aa47 100644 (file)
@@ -7,7 +7,7 @@ define([
        "./var/class2type",
        "./var/toString",
        "./var/hasOwn",
-       "./var/support"
+       "./core/support"
 ], function( arr, slice, concat, push, indexOf, class2type, toString, hasOwn, support ) {
 
 var
index 808d60e3dc4f052fe8e2248c529896d27fcf981b..54016a4c1c5d5c8d7bc7ee8281f504ca1a1613e8 100644 (file)
@@ -2,7 +2,7 @@ define([
        "../core",
        "./var/rsingleTag",
        "../manipulation" // buildFragment
-], function( jQuery, rsingleTag ) {
+], function( jQuery, rsingleTag, support ) {
 
 // data: string of html
 // context (optional): If specified, the fragment will be created in this context,
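Review bot: `support` is added as the third callback parameter, but the dependency array still lists only `../core`, `./var/rsingleTag` and `../manipulation`, so under an AMD loader `support` is bound to whatever `../manipulation` exports rather than to the new `src/core/support.js` module, and the `support.createHTMLDocument` check in the next hunk is always falsy. The concatenated build, where the define wrapper is stripped and `support` presumably resolves to the shared closure variable, would mask this. Add the module to the array so the positions line up: `"./var/rsingleTag",` / `"./support",` / `"../manipulation" // buildFragment`. The `define([` line itself sits above this hunk.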
@@ -16,7 +16,11 @@ jQuery.parseHTML = function( data, context, keepScripts ) {
                keepScripts = context;
                context = false;
        }
-       context = context || document;
+       // document.implementation stops scripts or inline event handlers from
+       // being executed immediately
+       context = context || ( support.createHTMLDocument ?
+               document.implementation.createHTMLDocument() :
+               document );
 
        var parsed = rsingleTag.exec( data ),
                scripts = !keepScripts && [];
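Review bot: `createHTMLDocument()` is called without the title argument; some older WebKit builds are reported to treat it as required and throw, which would turn the safe path into an exception on exactly the browsers the feature check is meant to protect, so prefer `document.implementation.createHTMLDocument( "" )`. The comment above the call is also narrower than it should be: the detached document only keeps inline handlers and scripts from running at parse time; the returned nodes still carry them and they run as soon as a caller inserts the nodes into the live document, so parseHTML is not a sanitizer. Suggested wording: `// Parse in a detached document so scripts and inline event handlers do not run during parsing; they still run once the returned nodes are inserted into the page.` jQuery.parseHTML's body continues below this hunk.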
diff --git a/src/core/support.js b/src/core/support.js
new file mode 100644 (file)
index 0000000..fe3d6c2
--- /dev/null
@@ -0,0 +1,6 @@
+define([
+       "../var/support"
+], function( jQuery, support ) {
+       // window.document is used here as it's before the sandboxed document
+       support.createHTMLDocument = !!window.document.implementation.createHTMLDocument;
+});
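Review bot: the callback is declared `function( jQuery, support )` but the dependency array holds only `"../var/support"`, so under an AMD loader the support object arrives as the first argument (named `jQuery`) and `support` is undefined, making the assignment on the line above throw. The module also returns nothing, and the first hunk on this page (which appears to be src/core.js) now takes its `support` from `./core/support`, so that import would receive undefined as well. Change the signature to `function( support ) {` and close the module with `return support;`.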
index 66c02ac57027a3a5bb37351a3da6d33b0481aeab..783a7462ed545c80f1607b305bf135b86021c575 100644 (file)
@@ -1367,6 +1367,24 @@ test("jQuery.parseHTML", function() {
        ok( jQuery.parseHTML("<#if><tr><p>This is a test.</p></tr><#/if>") || true, "Garbage input should not cause error" );
 });
 
+// This XSS test is optional, as it will only pass when `document.implementation.createHTMLDocument`
+// is implemented. This might not be the case for older Android browsers (<= 2.x).
+if ( document.implementation.createHTMLDocument ) {
+       asyncTest("jQuery.parseHTML", function() {
+               expect ( 1 );
+
+               Globals.register("parseHTMLError");
+
+               jQuery.globalEval("parseHTMLError = false;");
+               jQuery.parseHTML( "<img src=x onerror='parseHTMLError = true'>" );
+
+               window.setTimeout(function() {
+                       start();
+                       equal( window.parseHTMLError, false, "onerror eventhandler has not been called." );
+               }, 2000);
+       });
+}
+
 test("jQuery.parseJSON", function() {
        expect( 20 );
 
index 11f15a33b4ce87dc39bb5a45ca862060322308ae..bed2c04144935de027c03c2e9cc240353e840d29 100644 (file)
@@ -61,6 +61,7 @@ testIframeWithCallback( "Check CSP (https://developer.mozilla.org/en-US/docs/Sec
                        "checkOn": true,
                        "clearCloneStyle": true,
                        "cors": true,
+                       "createHTMLDocument": true,
                        "focusinBubbles": false,
                        "noCloneChecked": true,
                        "optDisabled": true,
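Review bot: every expectation table gets `"createHTMLDocument": true`, including the profiles whose other flags mark them as legacy browsers (`"cors": false` in the third hunk, `"checkOn": false` in the last two), yet the new test in test/unit/core.js states that older Android (<= 2.x) lacks `createHTMLDocument`; if any of these tables describes such a browser its expectation should be `false` there. The user-agent selectors that identify each table sit above the hunks, so this cannot be settled from the diff alone. The same point applies to the other six hunks in this file.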
@@ -77,6 +78,7 @@ testIframeWithCallback( "Check CSP (https://developer.mozilla.org/en-US/docs/Sec
                        "checkOn": true,
                        "clearCloneStyle": false,
                        "cors": true,
+                       "createHTMLDocument": true,
                        "focusinBubbles": true,
                        "noCloneChecked": false,
                        "optDisabled": true,
@@ -93,6 +95,7 @@ testIframeWithCallback( "Check CSP (https://developer.mozilla.org/en-US/docs/Sec
                        "checkOn": true,
                        "clearCloneStyle": false,
                        "cors": false,
+                       "createHTMLDocument": true,
                        "focusinBubbles": true,
                        "noCloneChecked": false,
                        "optDisabled": true,
@@ -109,6 +112,7 @@ testIframeWithCallback( "Check CSP (https://developer.mozilla.org/en-US/docs/Sec
                        "checkOn": true,
                        "clearCloneStyle": true,
                        "cors": true,
+                       "createHTMLDocument": true,
                        "focusinBubbles": false,
                        "noCloneChecked": true,
                        "optDisabled": true,
@@ -125,6 +129,7 @@ testIframeWithCallback( "Check CSP (https://developer.mozilla.org/en-US/docs/Sec
                        "checkOn": true,
                        "clearCloneStyle": true,
                        "cors": true,
+                       "createHTMLDocument": true,
                        "focusinBubbles": false,
                        "noCloneChecked": true,
                        "optDisabled": true,
@@ -141,6 +146,7 @@ testIframeWithCallback( "Check CSP (https://developer.mozilla.org/en-US/docs/Sec
                        "checkOn": true,
                        "clearCloneStyle": true,
                        "cors": true,
+                       "createHTMLDocument": true,
                        "focusinBubbles": false,
                        "noCloneChecked": true,
                        "optDisabled": true,
@@ -157,6 +163,7 @@ testIframeWithCallback( "Check CSP (https://developer.mozilla.org/en-US/docs/Sec
                        "checkOn": false,
                        "clearCloneStyle": true,
                        "cors": true,
+                       "createHTMLDocument": true,
                        "focusinBubbles": false,
                        "noCloneChecked": true,
                        "optDisabled": true,
@@ -173,6 +180,7 @@ testIframeWithCallback( "Check CSP (https://developer.mozilla.org/en-US/docs/Sec
                        "checkOn": false,
                        "clearCloneStyle": false,
                        "cors": true,
+                       "createHTMLDocument": true,
                        "focusinBubbles": false,
                        "noCloneChecked": true,
                        "optDisabled": false,