From c20e031058c6210a1ed753f75af80588f076d60d Mon Sep 17 00:00:00 2001
From: timmywil
Date: Wed, 20 Jun 2012 16:19:06 -0400
Subject: Revert "Adjust jQuery('html') detection to only match when html starts with '<' (counting space characters). Fixes #11290"

This reverts commit 239fc86b01d52fd9df6d1963027ed37b4f6251fc. The consensus is that this would change behavior too abruptly. We will warn in 1.8 and do this in 1.9.
---
 src/core.js | 5 +++--
 test/unit/core.js | 4 +++-
 2 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/src/core.js b/src/core.js
index 14a653916..1bf7e5603 100644
--- a/src/core.js
+++ b/src/core.js
@@ -40,8 +40,9 @@ var trimRight = /\s+$/, // A simple way to check for HTML strings
- // If starts-with '<'
- rhtmlString = /^\s*(<[\w\W]+>)[^>]*$/,
+ // Prioritize #id over to avoid XSS via location.hash (#9521)
+ // Ignore html if within quotes "" '' or brackets/parens [] ()
+ rhtmlString = /^(?:[^#<\\]*(<[\w\W]+>)(?![^\[]*\])(?![^\(]*\))(?![^']*')(?![^"]*")[^>]*$)/,
 // Match a standalone tag
 rsingleTag = /^<(\w+)\s*\/?>(?:<\/\1>)?$/,
diff --git a/test/unit/core.js b/test/unit/core.js
index 200f045db..0b392adf1 100644
--- a/test/unit/core.js
+++ b/test/unit/core.js
@@ -27,7 +27,7 @@ test("jQuery()", function() { div = jQuery("
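Review bot: The comment restored above `rhtmlString` in src/core.js explains what the pattern refuses but not what it still accepts, and the accepting side is what a caller handling #9521-style input needs to know. The leading `[^#<\\]*` lets any text without `#`, `<` or `\` precede the tag, so a string that merely contains markup is still routed to HTML parsing; the reverted starts-with-`<` rule was what narrowed that. I would add `// NOTE: text before the first '<' is still accepted here; strict starts-with-'<' matching is deferred to 1.9 (#11290)` above the regex. The description promises a warning in 1.8, but no warning is added in this hunk, so presumably it lands separately. The `var` declaration list starts and ends outside the hunk.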

"), exec = false, long = "", - expected = 24, + expected = 26, attrObj = { click: function() { ok( exec, "Click executed." ); }, text: "test", @@ -132,12 +132,14 @@ test("jQuery()", function() { elem.remove(); equal( jQuery("
").length, 1, "Make sure whitespace is trimmed." ); + equal( jQuery(" a
b ").length, 1, "Make sure whitespace and other characters are trimmed." ); for ( i = 0; i < 128; i++ ) { long += "12345678"; } equal( jQuery("
" + long + "
").length, 1, "Make sure whitespace is trimmed on long strings." ); + equal( jQuery(" a
" + long + "
b ").length, 1, "Make sure whitespace and other characters are trimmed on long strings." ); }); test("selector state", function() { -- cgit v1.2.3
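Review bot: The two added assertions in the last test/unit/core.js hunk check only `.length`, so they do not show that the stray `a`/`b` text is discarded; asserting on the node itself (for example its `nodeName`) would pin that. The markup inside the string literals did not survive this rendering, so I can't name the expected element. Nothing in this hunk covers the rejecting side that the src/core.js comment describes (a `#` before the tag, or a tag inside quotes or brackets); if the rest of the file doesn't either, a negative case belongs next to these so the #9521 guard can't regress silently. I would also put `// Deprecated input shape: text around a tag, no longer treated as HTML in 1.9 (#11290)` above the new lines. The test function begins above the hunk.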