aboutsummaryrefslogtreecommitdiffstats
path: root/ui/widgets
diff options
context:
space:
mode:
authorMichał Gołębiowski-Owczarek <m.goleb@gmail.com>2024-10-27 00:04:00 +0200
committerGitHub <noreply@github.com>2024-10-27 00:04:00 +0200
commitaf8adca5481d0ac5db0865032b6c4c7e21421be7 (patch)
tree6219d2b51ca29f3dc6899959e81da0ba00c19005 /ui/widgets
parentebdcd0d866a5d318c5255c2d6404867878d06d47 (diff)
downloadjquery-ui-af8adca5481d0ac5db0865032b6c4c7e21421be7.tar.gz
jquery-ui-af8adca5481d0ac5db0865032b6c4c7e21421be7.zip
Tabs: Use `CSS.escape` for sanitizing selectors
The previous private `_sanitizeSelector` API was not correctly escaping backslashes and is now removed. The native API should always be correct. Closes gh-2307
Diffstat (limited to 'ui/widgets')
-rw-r--r--ui/widgets/tabs.js16
1 files changed, 6 insertions, 10 deletions
diff --git a/ui/widgets/tabs.js b/ui/widgets/tabs.js
index 72b868e4f..7b7907c32 100644
--- a/ui/widgets/tabs.js
+++ b/ui/widgets/tabs.js
@@ -121,14 +121,14 @@ $.widget( "ui.tabs", {
_initialActive: function() {
var active = this.options.active,
collapsible = this.options.collapsible,
- locationHash = location.hash.substring( 1 );
+ locationHashDecoded = decodeURIComponent( location.hash.substring( 1 ) );
if ( active === null ) {
// check the fragment identifier in the URL
- if ( locationHash ) {
+ if ( locationHashDecoded ) {
this.tabs.each( function( i, tab ) {
- if ( $( tab ).attr( "aria-controls" ) === locationHash ) {
+ if ( $( tab ).attr( "aria-controls" ) === locationHashDecoded ) {
active = i;
return false;
}
@@ -312,10 +312,6 @@ $.widget( "ui.tabs", {
}
},
- _sanitizeSelector: function( hash ) {
- return hash ? hash.replace( /[!"$%&'()*+,.\/:;<=>?@\[\]\^`{|}~]/g, "\\$&" ) : "";
- },
-
refresh: function() {
var options = this.options,
lis = this.tablist.children( ":has(a[href])" );
@@ -434,9 +430,9 @@ $.widget( "ui.tabs", {
// Inline tab
if ( that._isLocal( anchor ) ) {
- selector = anchor.hash;
+ selector = decodeURIComponent( anchor.hash );
panelId = selector.substring( 1 );
- panel = that.element.find( that._sanitizeSelector( selector ) );
+ panel = that.element.find( "#" + CSS.escape( panelId ) );
// remote tab
} else {
@@ -874,7 +870,7 @@ $.widget( "ui.tabs", {
_getPanelForTab: function( tab ) {
var id = $( tab ).attr( "aria-controls" );
- return this.element.find( this._sanitizeSelector( "#" + id ) );
+ return this.element.find( "#" + CSS.escape( id ) );
}
} );