// A simple way to check for HTML strings
// Prioritize #id over <tag> to avoid XSS via location.hash (#9521)
- // Ignore html if within quotes "" '' or brackets/parens [] ()
- rhtmlString = /^(?:[^#<\\]*(<[\w\W]+>)(?![^\[]*\])(?![^\(]*\))(?![^']*')(?![^"]*")[^>]*$)/,
+ rhtmlString = /^(?:[^#<]*(<[\w\W]+>)[^>]*$)/,
// Match a standalone tag
rsingleTag = /^<(\w+)\s*\/?>(?:<\/\1>)?$/,
});
test("jQuery('html')", function() {
- expect( 22 );
+ expect( 18 );
QUnit.reset();
jQuery.foo = false;
ok( jQuery("<div></div>")[0], "Create a div with closing tag." );
ok( jQuery("<table></table>")[0], "Create a table with closing tag." );
- equal( jQuery("element[attribute='<div></div>']").length, 0, "When html is within brackets, do not recognize as html." );
- equal( jQuery("element[attribute=<div></div>]").length, 0, "When html is within brackets, do not recognize as html." );
- equal( jQuery("element:not(<div></div>)").length, 0, "When html is within parens, do not recognize as html." );
- equal( jQuery("\\<div\\>").length, 0, "Ignore escaped html characters" );
+ // equal( jQuery("element[attribute='<div></div>']").length, 0, "When html is within brackets, do not recognize as html." );
+ // equal( jQuery("element[attribute=<div></div>]").length, 0, "When html is within brackets, do not recognize as html." );
+ // equal( jQuery("element:not(<div></div>)").length, 0, "When html is within parens, do not recognize as html." );
+ // equal( jQuery("\\<div\\>").length, 0, "Ignore escaped html characters" );
// Test very large html string #7990
var i;