aboutsummaryrefslogtreecommitdiffstats
path: root/test/unit
diff options
context:
space:
mode:
authorMichał Gołębiowski-Owczarek <m.goleb@gmail.com>2021-07-19 19:15:27 +0200
committerGitHub <noreply@github.com>2021-07-19 19:15:27 +0200
commit924b515dd3f33fff3e5122408fcccecc2d775425 (patch)
tree90fa72a0ae988e51d38f862c65c9efd864b12422 /test/unit
parentf12cac6075ebce3e2b0ee4cfa58c24c559ce6a6a (diff)
downloadjquery-924b515dd3f33fff3e5122408fcccecc2d775425.tar.gz
jquery-924b515dd3f33fff3e5122408fcccecc2d775425.zip
Manipulation: Don't remove HTML comments from scripts
When evaluating scripts, jQuery strips out the possible wrapping HTML comment and a CDATA section. However, all supported browsers are already doing that when loading JS via appending a script tag to the DOM which is how we've been doing `jQuery.globalEval` since jQuery 3.0.0. jQuery logic was imperfect, e.g. it just stripped the `<!--` and `-->` markers, respectively at the beginning or the end of the script contents. However, browsers are also stripping everything following those markers in the same line, treating them as single-line comments delimiters; this is now also mandated by ECMAScript 2015 in Annex B. Instead of fixing the jQuery logic, just let the browser do its thing. We still need to strip CDATA sections for backwards compatibility. This shouldn't be needed as in XML documents they're already not visible when inspecting element contents and in HTML documents they have no meaning but we're preserving that logic for backwards compatibility. This will be removed completely in 4.0. Fixes gh-4904 Closes gh-4905 Ref gh-4906
Diffstat (limited to 'test/unit')
-rw-r--r--test/unit/manipulation.js13
1 files changed, 12 insertions, 1 deletions
diff --git a/test/unit/manipulation.js b/test/unit/manipulation.js
index 22e9ae747..3fe49aae9 100644
--- a/test/unit/manipulation.js
+++ b/test/unit/manipulation.js
@@ -2268,7 +2268,7 @@ QUnit.test( "domManip plain-text caching (trac-6779)", function( assert ) {
QUnit.test( "domManip executes scripts containing html comments or CDATA (trac-9221)", function( assert ) {
- assert.expect( 3 );
+ assert.expect( 4 );
jQuery( [
"<script type='text/javascript'>",
@@ -2293,6 +2293,17 @@ QUnit.test( "domManip executes scripts containing html comments or CDATA (trac-9
"//--><!]]>",
"</script>"
].join( "\n" ) ).appendTo( "#qunit-fixture" );
+
+ // ES2015 in Annex B requires HTML-style comment delimiters (`<!--` & `-->`) to act as
+ // single-line comment delimiters; i.e. they should be treated as `//`.
+ // See gh-4904
+ jQuery( [
+ "<script type='text/javascript'>",
+ "<!-- Same-line HTML comment",
+ "QUnit.assert.ok( true, '<!-- Same-line HTML comment' );",
+ "-->",
+ "</script>"
+ ].join( "\n" ) ).appendTo( "#qunit-fixture" );
} );
testIframe(