diff options
author | Michał Gołębiowski-Owczarek <m.goleb@gmail.com> | 2024-10-27 00:04:00 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-10-27 00:04:00 +0200 |
commit | af8adca5481d0ac5db0865032b6c4c7e21421be7 (patch) | |
tree | 6219d2b51ca29f3dc6899959e81da0ba00c19005 /ui/widgets | |
parent | ebdcd0d866a5d318c5255c2d6404867878d06d47 (diff) | |
download | jquery-ui-af8adca5481d0ac5db0865032b6c4c7e21421be7.tar.gz jquery-ui-af8adca5481d0ac5db0865032b6c4c7e21421be7.zip |
Tabs: Use `CSS.escape` for sanitizing selectors
The previous private `_sanitizeSelector` API was not correctly escaping
backslashes and is now removed. The native API should always be correct.
Closes gh-2307
Diffstat (limited to 'ui/widgets')
-rw-r--r-- | ui/widgets/tabs.js | 16 |
1 files changed, 6 insertions, 10 deletions
diff --git a/ui/widgets/tabs.js b/ui/widgets/tabs.js index 72b868e4f..7b7907c32 100644 --- a/ui/widgets/tabs.js +++ b/ui/widgets/tabs.js @@ -121,14 +121,14 @@ $.widget( "ui.tabs", { _initialActive: function() { var active = this.options.active, collapsible = this.options.collapsible, - locationHash = location.hash.substring( 1 ); + locationHashDecoded = decodeURIComponent( location.hash.substring( 1 ) ); if ( active === null ) { // check the fragment identifier in the URL - if ( locationHash ) { + if ( locationHashDecoded ) { this.tabs.each( function( i, tab ) { - if ( $( tab ).attr( "aria-controls" ) === locationHash ) { + if ( $( tab ).attr( "aria-controls" ) === locationHashDecoded ) { active = i; return false; } @@ -312,10 +312,6 @@ $.widget( "ui.tabs", { } }, - _sanitizeSelector: function( hash ) { - return hash ? hash.replace( /[!"$%&'()*+,.\/:;<=>?@\[\]\^`{|}~]/g, "\\$&" ) : ""; - }, - refresh: function() { var options = this.options, lis = this.tablist.children( ":has(a[href])" ); @@ -434,9 +430,9 @@ $.widget( "ui.tabs", { // Inline tab if ( that._isLocal( anchor ) ) { - selector = anchor.hash; + selector = decodeURIComponent( anchor.hash ); panelId = selector.substring( 1 ); - panel = that.element.find( that._sanitizeSelector( selector ) ); + panel = that.element.find( "#" + CSS.escape( panelId ) ); // remote tab } else { @@ -874,7 +870,7 @@ $.widget( "ui.tabs", { _getPanelForTab: function( tab ) { var id = $( tab ).attr( "aria-controls" ); - return this.element.find( this._sanitizeSelector( "#" + id ) ); + return this.element.find( "#" + CSS.escape( id ) ); } } ); |