| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
So far, we've been running browser tests on GitHub Actions in Chrome
and Firefox. Regular Safari is not available in GitHub Actions but
Playwright WebKit comes close to a dev version of Safari.
With this change, our GitHub CI & local test runs will invoke tests on
all actively developed browser engines on all PRs.
Also, our GitHub Actions browser tests are now running on Node.js 18.
Detection of the Playwright WebKit browser in support unit tests is done
by checking if the `test_browser` query parameter is set to `"Playwright"`;
this is a `karma-webkit-launcher` feature. Detecting that browser via
user agent as we normally do is hard as the UA on Linux is very similar
to a real Safari one but it actually uses a newer version of the engine.
In addition, we now allow to pass custom browsers when one needs it;
e.g., to run the tests in all three engines on Linux/macOS, run:
```
grunt && BROWSERS=ChromeHeadless,FirefoxHeadless,WebkitHeadless grunt karma:main
```
Closes gh-5190
|
| |
|
|
|
|
|
|
|
| |
The `test/middleware-mockserver.js` file used to have the same ESLint
settings applied as other test files that are directly run in tested
browsers. Now it shares settings of other Node.js files.
The file is now also written using modern JS, leveraging ES2018.
Closes gh-5196
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
jQuery 3.6.2 started using `CSS.supports( "selector(SELECTOR)" )` before using
`querySelectorAll` on the selector. This was to solve gh-5098 - some selectors,
like `:has()`, now had their parameters parsed in a forgiving way, meaning
that `:has(:fakepseudo)` no longer throws but just returns 0 results, breaking
that jQuery mechanism.
A recent spec change made `CSS.supports( "selector(SELECTOR)" )` always use
non-forgiving parsing, allowing us to use this API for what we've used
`try-catch` before.
To solve the issue on the spec side for older jQuery versions, `:has()`
parameters are no longer using forgiving parsing in the latest spec update
but our new mechanism is more future-proof anyway.
However, the jQuery implementation has a bug - in
`CSS.supports( "selector(SELECTOR)" )`, `SELECTOR` needs to be
a `<complex-selector>` and not a `<complex-selector-list>`. Which means that
selector lists now skip `qSA` and go to the jQuery custom traversal:
```js
CSS.supports("selector(div:valid, span)"); // false
CSS.supports("selector(div:valid)"); // true
CSS.supports("selector(span)"); // true
```
To solve this, this commit wraps the selector list passed to
`CSS.supports( "selector(:is(SELECTOR))" )` with `:is`, making it a single
selector again.
See:
* https://w3c.github.io/csswg-drafts/css-conditional-4/#at-supports-ext
* https://w3c.github.io/csswg-drafts/selectors-4/#typedef-complex-selector
* https://w3c.github.io/csswg-drafts/selectors-4/#typedef-complex-selector-list
Fixes gh-5177
Closes gh-5178
Ref w3c/csswg-drafts#7280
|
| |
|
|
|
|
|
| |
The `jQuery.contains` method is quite simple in jQuery 4+. On the other side,
it's a dependency of the core `isAttached` util which is not ideal; moving
it from the `selector` the `core` module resolves the issue.
Closes gh-5167
|
| |
|
|
|
|
|
|
|
| |
Some APIs, like `.prevAll()`, return elements in the reversed order, causing
confusing behavior when used with wrapping methods (see gh-5149 for more info)
To provide an easy workaround, this commit implements a chainable `uniqueSort`
method on jQuery objects, an equivalent of `jQuery.uniqueSort`.
Fixes gh-5166
Closes gh-5168
|
| |
|
|
|
|
| |
Firefox 106 adjusted to the spec mandating that `CSS.supports("selector(...)")`
uses non-forgiving parsing which makes it pass the relevant support test.
Closes gh-5141
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Re-introduce the `selector-native` similar to the one on the `3.x-stable`
branch. One difference is since the `main` branch inlined Sizzle, some
selector utils can be shared between the main `selector` module and
`selector-native`.
The main `selector` module can be disabled in favor of `selector-native`
via:
grunt custom:-selector
Other changes:
* Tests: Fix Safari detection - Chrome Headless has a different user
agent than Safari and a browser check in selector tests didn't take
that into account.
* Tests: Run selector-native tests in `npm test`
* Selector: Fix querying on document fragments
Ref gh-4395
Closes gh-5085
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The `<template/>` element `contents` property is a document fragment that may
have a `null` `documentElement`. In Safari 16 this happens in more cases due
to recent spec changes - in particular, even if that document fragment is
explicitly adopted into an outer document. We're testing both of those cases
now.
The crash used to happen in `jQuery.contains`. As it turns out, we don't need
to query the supposed container `documentElement` if it has the
`Node.DOCUMENT_NODE` (9) `nodeType`; we can call `.contains()` directly on
the `document`. That avoids the crash.
Fixes gh-5147
Closes gh-5158
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
According to the docs, one can use `null` as a success function in `jQuery.get`
of `jQuery.post` so the following:
```js
await jQuery.get( "https://httpbin.org/json", null, "text" )
```
should get the text result. However, this shortcut hasn't been working so far.
Fixes gh-4989
Closes gh-5139
|
| |
|
|
|
|
|
|
|
| |
This backports custom pseudos tests from Sizzle; they were missed in original
test backports. Also, the support for legacy custom pseudos has been dropped.
The `jQuery.expr` test cleanup has been wrapped in `try-finally` for cleaner
test isolation in case anything goes wrong.
Closes gh-5137
|
| |
|
|
|
|
|
|
|
|
|
| |
We've already had `buildFragment` extracted to a separate file long ago.
`domManip` is quite a complex & crucial API and so far it has existed within
the `manipulation.js` module. Extracting it makes the module shorter and easier
to understand.
A few comments / messages in tests have also been updated to not suggest there's
a public `jQuery.domManip` API - it's been private since 3.0.0.
Closes gh-5138
|
| |
|
|
|
|
|
|
|
| |
Firefox 96-100 used to report the column number smaller by 2 than it should
in the `parsererror` element generated for invalid XML documents. Since that
version range is unsupported now and it includes no ESR versions, the workaround
can now be dropped.
Closes gh-5109
Ref gh-5018
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The spec requires that CSS variable values are trimmed. In browsers that do
this - mainly, Safari, but also Firefox if the value only has leading
whitespace - we currently return undefined; in other browsers, we return
an empty string as the logic to fall back to undefined happens before
trimming.
This commit adds another explicit callback to `undefined` to have it consistent
across browsers.
Also, more explicit comments about behaviors we need to work around in various
browsers have been added.
Closes gh-5120
Ref gh-5106
|
| |
|
|
|
|
| |
Fixes gh-5105
Closes gh-5106
Signed-off-by: Anders Kaseorg <andersk@mit.edu>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
jQuery has followed the following logic for selector handling for ages:
1. Modify the selector to adhere to scoping rules jQuery mandates.
2. Try `qSA` on the modified selector. If it succeeds, use the results.
3. If `qSA` threw an error, run the jQuery custom traversal instead.
It worked fine so far but now CSS has a concept of forgiving selector lists that
some selectors like `:is()` & `:has()` use. That means providing unrecognized
selectors as parameters to `:is()` & `:has()` no longer throws an error, it will
just return no results. That made browsers with native `:has()` support break
selectors using jQuery extensions inside, e.g. `:has(:contains("Item"))`.
Detecting support for selectors can also be done via:
```js
CSS.supports( "selector(SELECTOR_TO_BE_TESTED)" )
```
which returns a boolean. There was a recent spec change requiring this API to
always use non-forgiving parsing:
https://github.com/w3c/csswg-drafts/issues/7280#issuecomment-1143852187
However, no browsers have implemented this change so far.
To solve this, two changes are being made:
1. In browsers supports the new spec change to `CSS.supports( "selector()" )`,
use it before trying `qSA`.
2. Otherwise, add `:has` to the buggy selectors list.
Fixes gh-5098
Closes gh-5107
Ref w3c/csswg-drafts#7676
|
| |
|
|
|
|
|
|
| |
Without this fix, the layout is fine during the test run but all the CSS is gone
when tests finish and the results are shown.
This affects commands like `grunt karma:chrome-debug`.
Closes gh-5090
|
| |
|
|
|
|
|
|
|
|
| |
Introduces a new test API, `includesModule`. The method returns whether
a particular module like "ajax" or "deprecated" is included in the current
jQuery build; it handles the slim build as well. The util was created so that
we don't treat presence of particular APIs to decide whether to run a test as
then if we accidentally remove an API, the tests would still not fail.
Fixes gh-5069
Closes gh-5046
|
| |
|
|
|
|
|
| |
`jQuery.fx.interval` has been deprecated since jQuery 3.0.0 but it has been
still used in jQuery code until this change. This commit removes the definition
and explicitly uses the `13` number in its place.
Closes gh-5017
|
| |
|
|
|
| |
See https://bugzilla.mozilla.org/show_bug.cgi?id=1751796
Closes gh-5018
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This change makes jQuery skip falsy values in `addClass( array )`
& `removeClass( array )` instead of stopping iteration when the first falsy
value is detected. This makes code like:
```js
elem.addClass( [ "a", "", "b" ] );
```
add both the `a` & `b` classes.
The code was also optimized for size a bit so it doesn't increase the
minified gzipped size.
Fixes gh-4998
Closes gh-5003
|
| |
|
|
|
|
|
|
|
|
| |
Without this fix calling `jQuery.uniqueSort` on an array-like can result in:
TypeError: results.splice is not a function
at Function.jQuery.uniqueSort (https://code.jquery.com/jquery-git.js:664:12)
at jQuery.fn.init.find (https://code.jquery.com/jquery-git.js:2394:27)
at gocusihafe.js:3:4
Closes gh-4986
|
| |
|
|
|
|
|
|
| |
PR gh-4993 changed a few too many issue references to `trac-NUMBER` ones. This
change fixes them. It also fixes a typo in one Trac issue number in selector
tests.
Ref gh-4993
Closes gh-4995
|
| |
|
|
| |
Ref gh-4981
Ref gh-4991
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
The GitHub UI treats `#NUMBER` as referring to its own issues which is confusing
when in jQuery source it's usually referring to the old deprecated Trac instance
at https://bugs.jquery.com. This change replaces all such Trac references with
`trac-NUMBER`.
A few of the references came with the Sizzle integration and referred to the
Sizzle GitHub bug tracker. Those have been replaced with full links instead.
A new entry describing issue reference conventions has been added to README.
Closes gh-4993
|
| |
|
|
|
|
|
| |
TestSwarm is now proxied via Cloudflare which cuts out headers relevant for
ETag tests, failing them. We're still running those tests in Karma on Chrome
& Firefox (including Firefox ESR).
Closes gh-4974
|
| |
|
|
|
|
|
|
|
|
|
|
| |
In HTTP/2, status message is not supported and whatever is reported as
statusText differs between browsers. In Chrome & Safari it's "success", in
Firefox & IE it's "OK". So far "success" wasn't allowed. This made the tests
pass locally if you're running an HTTP/1.1 server but on TestSwarm which is
now proxied via an HTTP/2-equipped Cloudflare, the relevant test started failing
in Chrome & Safari.
Allow "success" to resolve the issue.
Closes gh-4973
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Stringifying attributes in the setter was needed for IE <=9 but it breaks
trusted types enforcement when setting a script `src` attribute.
Note that this doesn't mean script execution works. Since jQuery disables all
scripts by changing their type and then executes them by creating fresh script
tags with proper `src` & possibly other attributes, this unwraps any trusted
`src` wrappers, making the script not execute under strict CSP settings.
We might try to fix it in the future in a separate change.
Fixes gh-4948
Closes gh-4949
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This ensures HTML wrapped in TrustedHTML can be used as an input to jQuery
manipulation methods in a way that doesn't violate the
`require-trusted-types-for` Content Security Policy directive.
This commit builds on previous work needed for trusted types support, including
gh-4642 and gh-4724.
One restriction is that while any TrustedHTML wrapper should work as input
for jQuery methods like `.html()` or `.append()`, for passing directly to the
`jQuery` factory the string must start with `<` and end with `>`; no trailing
or leading whitespaces are allowed. This is necessary as we cannot parse out
a part of the input for further construction; that would violate the CSP rule -
and that's what's done to HTML input not matching these constraints.
No trusted types API is used explicitly in source; the majority of the work is
ensuring we don't pass the input converted to string to APIs that would
eventually assign it to `innerHTML`. This extra cautiousness is caused by the
API being Blink-only, at least for now.
The ban on passing strings to `innerHTML` means support tests relying on such
assignments are impossible. We don't currently have such tests on the `main`
branch but we used to have many of them in the 3.x & older lines. If there's
a need to re-add such a test, we'll need an escape hatch to skip them for apps
needing CSP-enforced TrustedHTML.
See https://web.dev/trusted-types/ for more information about TrustedHTML.
Fixes gh-4409
Closes gh-4927
Ref gh-4642
Ref gh-4724
|
| |
|
|
|
|
| |
For some reason the current setup worked fine with Apache but broke for me when
I migrated to nginx.
Closes gh-4936
|
| | |
|
| |
|
|
|
|
|
|
| |
The spec has recently changed and CSS Custom Properties values are trimmed now.
This change makes jQuery polyfill that new behavior for all browsers.
Ref w3c/csswg-drafts#774
Fixes gh-4926
Closes gh-4930
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When evaluating scripts, jQuery strips out the possible wrapping HTML comment
and a CDATA section. However, all supported browsers are already doing that
when loading JS via appending a script tag to the DOM which is how we've been
doing `jQuery.globalEval` since jQuery 3.0.0. jQuery logic was imperfect, e.g.
it just stripped the `<!--` and `-->` markers, respectively at the beginning or
the end of the script contents. However, browsers are also stripping everything
following those markers in the same line, treating them as single-line comments
delimiters; this is now also mandated by ECMAScript 2015 in Annex B. Instead
of fixing the jQuery logic, just let the browser do its thing.
We also used to strip CDATA sections. However, this shouldn't be needed as in
XML documents they're already not visible when inspecting element contents and
in HTML documents they have no meaning. We've preserved that behavior for
backwards compatibility in 3.x but we're removing it for 4.0.
Fixes gh-4904
Closes gh-4906
|
| |
|
|
|
| |
Also, remove unused `expected` property in `css` test cases.
Closes gh-4866
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The `_default` function in the special event settings for focus/blur has
always returned `true` since gh-4813 as the event was already being fired
from `leverageNative`. However, that only works if there's an active handler
on that element; this made a quick consecutive call:
```js
elem.on( "focus", function() {} ).off( "focus" );
```
make subsequent `.trigger( "focus" )` calls to not do any triggering.
The solution, already used in a similar `_default` method for the `click` event,
is to check for the `dataPriv` entry on the element for the focus event
(similarly for blur).
Fixes gh-4867
Closes gh-4885
|
| |
|
|
|
|
|
|
|
|
|
| |
Only allow alphanumeric characters & underscores for callback parameters.
The change is done both for the PHP server as well as the Node.js-based version.
This is only test code so we're not fixing any security issue but it happens
often enough that the whole jQuery repository directory structure is deployed
onto the server with PHP enabled that it makes is easy to introduce security
issues if this cleanup is not done.
Ref gh-4764
Closes gh-4871
|
| |
|
|
|
|
|
| |
Chrome & Firefox now support complex `:not()` selectors so those test can run
in them even without custom jQuery selector code. In the past, it was only
possible in Safari, now we only need to exclude IE.
Closes gh-4864
|
| |
|
|
|
|
|
| |
That package was missed in gh-4865 as it only broke browsers needing the
polyfill which is just IE at the moment. Thus, it broke Core tests in IE only.
Ref gh-4865
Closes gh-4870
|
| |
|
|
|
|
|
|
|
|
|
|
| |
In gh-4466, we removed the `external` directory in favor of loading some files
directly from `node_modules`. This works fine locally but when deploying code
for tests, this makes it impossible to not deploy `node_modules` as well. To
avoid the issue, this change restores usage of the `external` directory.
One change is that we no longer commit this directory to the repository, its
only purpose is to have clear isolation from `node_modules`.
Ref gh-4466
Closess gh-4865
|
| |
|
|
|
|
| |
The default branch was updated, this updates the remaining occurrences in code
& comments.
Closes gh-4838
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
PR gh-2588 made jQuery stop auto-execute cross-domain scripts unless
`dataType: "script"` was explicitly provided; this change landed in jQuery
3.0.0. This change extends that logic same-domain scripts as well.
After this change, to request a script under a provided URL to be evaluated,
you need to provide `dataType: "script` in `jQuery.ajax` options or to use
`jQuery.getScript`.
Fixes gh-4822
Closes gh-4825
Ref gh-2432
Ref gh-2588
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Two issues are fixed in testing for responses with a script Content-Type not
getting auto-executed unless an explicit `dataType: "script"` is provided:
* the test is now using a correct "text/javascript" Content-Type; it was using
"text/html" until now which doesn't really check if the fix works
* the Node.js based version of the tests didn't account for an empty `header`
query string parameter
Closes gh-4824
Ref gh-2432
Ref gh-2588
Ref 39cdb8c9aa0fde68f733553ba050a2ba9d86474c
|
| |
|
|
|
|
|
|
| |
Firefox incorrectly (or perhaps correctly) includes table borders in computed
dimensions, but they are the only one. Workaround this by testing for it and
falling back to offset properties
Fixes gh-4529
Closes gh-4808
|
| |
|
|
| |
Fixes gh-4784
Closes gh-4816
|
| |
|
|
| |
Fixes gh-4782
Closes gh-4814
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If during a focus handler another focus event is triggered:
```js
elem1.on( "focus", function() {
elem2.trigger( "focus" );
} );
```
due to their synchronous nature everywhere outside of IE the hack added in
gh-4279 to leverage native events causes the native `.focus()` method to be
called last for the initial element, making it steal the focus back. Since
the native method is already being called in `leverageNative`, we can skip that
final call.
This aligns with changes to the `_default` method for the `click` event that
were added when `leverageNative` was introduced there.
A side effect of this change is that now `focusin` will only propagate to the
document for the last focused element. This is a change in behavior but it also
aligns us better with how this works with native methods.
Fixes gh-4382
Closes gh-4813
Ref gh-4279
|
| |
|
|
|
|
|
|
|
|
| |
In Chrome, if an element having a `focusout` handler is blurred by
clicking outside of it, it invokes the handler synchronously. If
that handler calls `.remove()` on the element, the data is cleared,
leaving private data undefined. We're reading a property from that
data so we need to guard against this.
Fixes gh-4417
Closes gh-4799
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Drop support for Edge Legacy: the non-Chromium, EdgeHTML-based Microsoft
Edge version. Also, restrict some workarounds that were applied
unconditionally in all browsers to run only in IE now. This slightly
increases the size but reduces the performance burden on modern browsers
that don't need the workarounds.
Also, clean up some comments & remove some obsolete workarounds.
Fixes gh-4568
Closes gh-4792
|
| |
|
|
|
|
| |
Fixes gh-4542
Closes gh-4563
Co-authored-by: Michał Gołębiowski-Owczarek <m.goleb@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This aligns the Node.js server with the previous PHP one in sending `mock.php`
as a callback if there's no `callback` parameter in the query string which is
triggered by a recently added test. This prevents the request crashing on that
Node.js server and printing a JS error:
```
TypeError: Cannot read property '1' of null
```
Closes gh-4764
Ref gh-4754
|
| |
|
|
|
|
|
|
| |
The test has been already skipped in Chrome as it dropped support for such
requests and now Safari has joined the squad.
This will resolve AJAX test errors we've had for a while in Safari 13 & iOS 13.
Closes gh-4779
|
