aboutsummaryrefslogtreecommitdiffstats
path: root/src/manipulation
Commit message (Collapse)AuthorAgeFilesLines
* Manipulation: Extract domManip to a separate fileMichał Gołębiowski-Owczarek2022-10-101-0/+109
| | | | | | | | | | | We've already had `buildFragment` extracted to a separate file long ago. `domManip` is quite a complex & crucial API and so far it has existed within the `manipulation.js` module. Extracting it makes the module shorter and easier to understand. A few comments / messages in tests have also been updated to not suggest there's a public `jQuery.domManip` API - it's been private since 3.0.0. Closes gh-5138
* Docs: Replace `#NUMBER` Trac issue references with `trac-NUMBER`Michał Gołębiowski-Owczarek2022-01-043-3/+3
| | | | | | | | | | | | | The GitHub UI treats `#NUMBER` as referring to its own issues which is confusing when in jQuery source it's usually referring to the old deprecated Trac instance at https://bugs.jquery.com. This change replaces all such Trac references with `trac-NUMBER`. A few of the references came with the Sizzle integration and referred to the Sizzle GitHub bug tracker. Those have been replaced with full links instead. A new entry describing issue reference conventions has been added to README. Closes gh-4993
* Core:Manipulation: Add basic TrustedHTML supportMichał Gołębiowski-Owczarek2021-09-301-1/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This ensures HTML wrapped in TrustedHTML can be used as an input to jQuery manipulation methods in a way that doesn't violate the `require-trusted-types-for` Content Security Policy directive. This commit builds on previous work needed for trusted types support, including gh-4642 and gh-4724. One restriction is that while any TrustedHTML wrapper should work as input for jQuery methods like `.html()` or `.append()`, for passing directly to the `jQuery` factory the string must start with `<` and end with `>`; no trailing or leading whitespaces are allowed. This is necessary as we cannot parse out a part of the input for further construction; that would violate the CSP rule - and that's what's done to HTML input not matching these constraints. No trusted types API is used explicitly in source; the majority of the work is ensuring we don't pass the input converted to string to APIs that would eventually assign it to `innerHTML`. This extra cautiousness is caused by the API being Blink-only, at least for now. The ban on passing strings to `innerHTML` means support tests relying on such assignments are impossible. We don't currently have such tests on the `main` branch but we used to have many of them in the 3.x & older lines. If there's a need to re-add such a test, we'll need an escape hatch to skip them for apps needing CSP-enforced TrustedHTML. See https://web.dev/trusted-types/ for more information about TrustedHTML. Fixes gh-4409 Closes gh-4927 Ref gh-4642 Ref gh-4724
* Manipulation: Respect script crossorigin attribute in DOM manipulation高灰2020-09-221-0/+1
| | | | | | Fixes gh-4542 Closes gh-4563 Co-authored-by: Michał Gołębiowski-Owczarek <m.goleb@gmail.com>
* Manipulation: Avoid concatenating strings in buildFragmentMichał Gołębiowski-Owczarek2020-06-102-13/+12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Concatenating HTML strings in buildFragment is a possible security risk as it creates an opportunity of escaping the concatenated wrapper. It also makes it impossible to support secure HTML wrappers like [trusted types](https://web.dev/trusted-types/). It's safer to create wrapper elements using `document.createElement` & `appendChild`. The previous way was needed in jQuery <4 because IE <10 doesn't accept table parts set via `innerHTML`, even if the element which contents are set is a proper table element, e.g.: ```js tr.innerHTML = "<td></td>"; ``` The whole structure needs to be passed in one HTML string. jQuery 4 drops support for IE <11 so this is no longer an issue; in older version we'd have to duplicate the code paths. IE <10 needed to have `<option>` elements wrapped in `<select multiple="multiple">` but we no longer need that on master which makes the `document.createElement` way shorter as we don't have to call `setAttribute`. All these improvements, apart from making logic more secure, decrease the gzipped size by 58 bytes. Closes gh-4724 Ref gh-4409 Ref angular/angular.js#17028 Co-authored-by: Richard Gibson <richard.gibson@gmail.com>
* Build:Event: Make sure all source modules' exports are used (#4648)Michał Gołębiowski-Owczarek2020-06-021-2/+0
| | | | | | | To achieve that, use `eslint-plugin-import`'s `no-unused-modules` rule. Also, explicitly import `event/trigger.js` from `jquery.js`; so far it was only imported from ajax.js, making it mistakenly skipped in the `custom:slim,-deprecated` build.
* Core: Fire iframe script in its context, add doc param in globalEvalMichał Gołębiowski-Owczarek2020-02-101-2/+2
| | | | | | | | | | 1. Support passing custom document to jQuery.globalEval; the script will be invoked in the context of this document. 2. Fire external scripts appended to iframe contents in that iframe context; this was already supported & tested for inline scripts but not for external ones. Fixes gh-4518 Closes gh-4601
* Core: Migrate from AMD to ES modules 🎉Michał Gołębiowski-Owczarek2019-11-187-56/+22
| | | | | | | | | | | | | | | | | | | | | | Migrate all source AMD modules to ECMAScript modules. The final bundle is compiled by a custom build process that uses Rollup under the hood. Test files themselves are still loaded via RequireJS as that has to work in IE 11. Tests can now be run in "Load as modules" mode which replaces the previous "Load with AMD" option. That option of running tests doesn't work in IE and Edge as it requires support for dynamic imports. Some of the changes required by the migration: * check `typeof` of `noGlobal` instead of using the variable directly as it's not available when modules are used * change the nonce module to be an object as ECMASscript module exports are immutable * remove some unused exports * import `./core/parseHTML.js` directly in `jquery.js` so that it's not being cut out when the `ajax` module is excluded in a custom compilation Closes gh-4541
* Core: Remove IE-specific support tests, rely on document.documentModeMichał Gołębiowski-Owczarek2019-05-131-28/+0
| | | | | | | Also, update some tests to IE-sniff when deciding whether to skip a test. Fixes gh-4386 Closes gh-4387
* Core: Drop support for IE <11, iOS <11, Firefox <65, Android Browser & PhantomJSMichał Gołębiowski-Owczarek2019-04-294-21/+5
| | | | | | | | | | | Also, update support comments format to match format described in: https://github.com/jquery/contribute.jquery.org/issues/95#issuecomment-69379197 with the change from: https://github.com/jquery/contribute.jquery.org/issues/95#issuecomment-448998379 (open-ended ranges end with `+`). Fixes gh-3950 Fixes gh-4299 Closes gh-4347
* Core: Preserve CSP nonce on scripts with src attribute in DOM manipulationbuddh42019-03-251-2/+2
| | | | | Fixes gh-4323 Closes gh-4328
* Event: Leverage native events for focus/blur/click; propagate additional dataRichard Gibson2019-03-201-5/+0
| | | | | | | | | | | | | | | | | | | | | Summary of the changes/fixes: 1. Trigger checkbox and radio click events identically (cherry-picked from b442abacbb8464f0165059e8da734e3143d0721f that was reverted before). 2. Manually trigger a native event before checkbox/radio handlers. 3. Add test coverage for triggering namespaced native-backed events. 4. Propagate extra parameters passed when triggering the click event to the handlers. 5. Intercept and preserve namespaced native-backed events. 6. Leverage native events for focus and blur. 7. Accept that focusin handlers may fire more than once for now. Fixes gh-1741 Fixes gh-3423 Fixes gh-3751 Fixes gh-4139 Closes gh-4279 Ref gh-1367 Ref gh-3494
* Manipulation: Restore _evalUrl jQuery.ajax calls to dataType: scriptRichard Gibson2018-12-131-4/+8
| | | | | | IE and iOS <10 XHR transport does not succeed on data: URIs Ref gh-4243 Ref gh-4126 Closes gh-4258
* Manipulation: Only evaluate HTTP-successful script srcRichard Gibson2018-12-121-2/+7
| | | | | Fixes gh-4126 Closes gh-4243
* Core: Recognize Shadow DOM in attachment checksSaptak Sengupta2018-11-091-1/+1
| | | | | | | Allow `isAttached` to check Shadow DOM for attachment. Fixes gh-3504 Closes gh-3996 Ref gh-3977
* Manipulation: Properly detect HTML elements with single-character namesRichard Gibson2018-07-131-1/+4
| | | | Fixes gh-4124 Closes gh-4125
* Core: Use isAttached to check for attachment of elementSaptak Sengupta2018-03-051-4/+5
| | | | | | | This change replaces the use of contains to check for attachment by isAttached function Closes gh-3977 Ref gh-3504
* Manipulation: Add support for scripts with module typebasil.belokon2018-01-161-1/+1
| | | | | Fixes gh-3871 Close gh-3869
* Core: deprecate jQuery.typeJason Bedard2018-01-161-2/+3
| | | | | Fixes gh-3605 Close gh-3895
* Revert "Event: Trigger checkbox and radio click events identically"Timmy Willison2017-03-201-0/+5
| | | | This reverts commit b442abacbb8464f0165059e8da734e3143d0721f.
* Core: Deprecate jQuery.nodeNamekaran-962017-03-011-3/+4
| | | | | Fixes gh-3475 Closes gh-3505
* Event: Trigger checkbox and radio click events identicallyAlex Padilla2017-01-191-5/+0
| | | | | Fixes gh-3423 Closes gh-3494
* Build: Update eslint config and fix associated errorsOleg Gaidarenko2016-07-151-9/+17
|
* Build: Put all AMD modules in "src/" in strict modeMichał Gołębiowski2016-04-259-0/+18
| | | | Fixes gh-3073
* Docs: Update support comments to follow the new syntaxMichał Gołębiowski2016-03-304-7/+7
| | | | | The changes follow the spec proposed in: https://github.com/jquery/contribute.jquery.org/issues/95#issuecomment-69379197
* Docs:Tests: Remove obsolete code from tests, update support commentsMichał Gołębiowski2016-03-082-3/+3
| | | | | | | | | | Support comments that were lacking the final IE/Edge version that exhibits the bug were checked & updated. Links to the Chromium bug tracker were updated. Code in tests related to unsupported browsers (like Android 2.3 in non-basic tests) has been removed. Fixes gh-2868 Closes gh-2949
* Manipulation: Bring tagname regexes up to specLeonardo Braga2016-01-071-1/+1
| | | | | Fixes gh-2005 Closes gh-2634
* Manipulation: Don't provide the parser with sloppy table markupAnthony Ryan2015-09-141-13/+6
| | | | | | | | | | | | | | | | | While we can reply on parsers that were designed to cope with malformed syntax to understand what we mean, we shouldn't intentionally provide bad markup, not all parsers will accept it. "Be conservative in what you do, be liberal in what you accept from others." Reverts 0ea342a6a6dce793c1b0f14f051c2573f40f4e44 Refs gh-2031 Refs gh-2002 Fixes gh-2493 Closes gh-2499
* Ajax:Attributes:CSS:Manipulation: Reduce Android 2.3 supportMichał Gołębiowski2015-09-141-3/+2
| | | | | | | | Drop non-critical workarounds for Android 2.3. Fixes gh-2483 Fixes gh-2505 Closes gh-2581
* Build: Update jscs and lint filesOleg Gaidarenko2015-09-079-23/+25
| | | | Fixes gh-2056
* Manipulation: privatize buildFragment() functionTimmy Willison2015-05-056-0/+182
| | | | Fixes gh-2224
* Ajax: simplify one ajax call and add explanatory commentOleg Gaidarenko2015-02-151-0/+2
| | | | | | | * Remove "async = true" from script transport since it was needed for FF < 4 and old Opera which we do not support anymore * Add comment to "evalUrl" method on why "type" field should be explicit
* Build: Don't assume the browser environment; smoke test on Node w/ jsdomMichał Gołębiowski2014-12-261-1/+2
| | | | | Fixes gh-1950 Closes gh-1949
* Manipulation: support data-URI scripts insertionBin Xin2014-12-031-0/+1
| | | | | Fixes gh-1887 Closes gh-1888
* Manipulation: Check state lost if the name is set for Android 4.0-4.3Michał Gołębiowski2014-11-061-0/+3
| | | | | Refs gh-1820 Closes gh-1841
* Misc: Drop support for older browsers; update support commentsMichał Gołębiowski2014-11-031-4/+1
| | | | | | | | That includes Opera 12.x, Firefox<29, Safari<6.0 and some hacks for old Blackberry. Closes gh-1820 Refs gh-1815
* Support: clean up comments and Support notationDave Methvin2014-06-101-5/+6
| | | | Closes gh-1577
* Manipulation: Change support test to be WWA-friendlyJonathan Sampson2014-03-201-2/+9
| | | | | | | | Setting the innerHTML property in an unsafe manner raises issues in Windows Web Applications. Strings being passed into innerHTML cannot include the name attribute. Closes gh-1537
* Manipulation: Use textarea for missing IE defaultValue checkDave Methvin2014-01-231-8/+5
| | | | | | | | | | IE11 fixed the checkbox defaultValue issue but not textarea. Rather than creating a new detect name I'm reusing the old one to protect anyone who is unwisely using this externally. Re-fixing the defaultValue when it doesn't need to be done is not a problem, so leave that code for IE11. Fixes #14716 Closes gh-1495
* Fix some code style inconsistenciesOleg2013-10-071-2/+2
|
* No ticket: Fix XHTML regression. Close gh-1375.Anthony Ryan2013-09-231-1/+1
|
* Correct the checkClone support test for Safari 5.1 and mobile webkitsTimmy Willison2013-09-111-14/+11
|
* Fix support test for checkClone. Fixes Safari 5.1 manip failures.Timmy Willison2013-09-111-0/+1
|
* All non-var modules should not indent in their AMD wrappers (just for ↵Timmy Willison2013-09-091-11/+13
| | | | prettier builds). No functionality changes.
* No ticket. Update support comments to reflect current state of affairs.Michał Gołębiowski2013-09-071-1/+1
|
* No ticket. Restore checking individual src/**/*.js files by jsHint.Michał Gołębiowski2013-09-061-2/+2
|
* Fix #10814. Make support tests lazy and broken out to components.Michał Gołębiowski2013-09-061-0/+29
|
* AMD-ify jQuery sourcegit s! Woo! Fixes #14113, #14163.Timmy Willison2013-08-152-0/+19
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-08 23:22:27 +0000