This is an edge case and it only affects code accepting untrusted input as
a widget name, but it's still technically correct to filter these out.
Closes gh-2310
The previous private `_sanitizeSelector` API was not correctly escaping
backslashes and is now removed. The native API should always be correct.
Closes gh-2307
The ESLint config for `demos` extends the one for the `ui` directory. However,
the `ui` one used to not be a root one, making the `demos` one effectively not
depend on the `jquery` preset. Fix that and fix lots of lint violations in
`demos/search.js`.
Closes gh-2303
Implement a new option: `uiDialogTitleHeadingLevel`, allowing to change
the `span` wrapping the dialog title into a heading element (`h1`-`h6`).
Value `0` represents the `span`, values 1-6 - a heading at the specified
level.
Fixes gh-2271
Closes gh-2275
When the datepicker UI is shown and then destroyed programmatically:
```js
$( "#datepicker" ).datepicker( "destroy" );
```
hide the datepicker UI without the need for an explicit user action.
Previously, in 1.12 the UI would not disappear immediately but only after the
first `mousedown`. In later 1.13 versions, the UI would not disappear at all.
Fixes gh-2178
Closes gh-2268
Reflect the `modal` dialog option into the `aria-modal` attribute -
when `modal` is `true`, set `aria-modal` to `"true"`.
This helps some accessibility tools like VoiceOver with their rotor
functionality as it reduces the number of elements presented.
Fixes gh-2246
Closes gh-2257
Co-authored-by: Michał Gołębiowski-Owczarek <m.goleb@gmail.com>
Avoid relying on jQuery patches. Instead:
* use `CSS.escape` instead of `jQuery.escapeSelector`
* use `.filter()` with a proper handler instead of `.even()`
Keep `jquery-patch.js` for backwards compatibility, though.
Also, add tests for jquery-patch.
Ref gh-2249
The workaround triggering a second delayed focus to a tabbable element was
applied in jQueries 3.4 & 3.5 to fix IE issues. It also needs to be applied
in jQuery 3.6 which this commit adds.
This will no longer be needed in jQuery 3.7 and jQuery 3.x-git tests are
already passing because of that.
Closes gh-2160
Change a2b25ef6ca made options with
the `hidden` attribute skipped when rendering. However, that makes
indexes misaligned with native options as hidden ones maintain their
index values. Instead, don't skip hidden options but add the `hidden`
attribute to the respective jQuery UI elements as well.
Fixes gh-2082
Closes gh-2144
Ref a2b25ef6ca
If you generate a Checkboxradio from a checkbox/radio with a label that
contains encoded HTML, e.g. `<em>test</em>` this will work fine
at first. If, however a refresh is triggered on that instance (explicitly or
e.g. by turning it into a `Controlgroup`), the previously escaped HTML will
now be evaluated.
If the label was created based on some user input, this could lead to
unexpected code execution even though the initial output was escaped.
Fixes gh-2101
Closes gh-2102
jQuery UI 1.13.0 changed the logic attaching the `_untrackClassesElement`
listener in the `_classes` widget method; one of the side effects was calling
`this._on` for each node that needed the listener. That caused a severe
performance degradation for large comboboxes as each `_on` jQuery UI call
causes a jQuery `add` call that calls Sizzle's `uniqueSort` underneath.
Instead, collect the nodes that need the listener and then, outside of the loop,
create a jQuery object out of them and attach the listener once. That's still
slower than the jQuery 1.12 version but only slightly: 936 ms to 1.03s on a very
large list on a recent MacBook Pro, compared to ~30 seconds before this patch.
Fixes gh-2014
Closes gh-2037
This fixes the issue caused by https://bugs.jqueryui.com/ticket/9357.
We now empty the live region instead of appending to it, and we do so
after a brief timeout so the live region isn't updated on every mousemove
event or when quickly traversing through options.
Fixes gh-2002
Closes gh-2031
Due to the fact the widget factory code is now in strict mode, the check for
being called without using the `new` keyword started breaking if you save the
widget constructor to a variable before calling it:
```js
var customWidget = $.custom.customWidget;
customWidget( {}, elem );
```
as then `this` is undefined and checking for `this._createWidget` crashes.
Account for that with an additional check.
Fixes gh-2015
Closes gh-2019
PR gh-1793 removed setting `this.offset.parent` in the Draggable
`refreshPositions` method which broke position calculations when moving
a Draggable item into a connected Sortable. restore that assignment.
Ref gh-1793
Fixes gh-2001
Closes gh-2009
Note that container specific events will not fire when the dragged element
is interacting with zero height containers.
Fixes gh-1998
Closes gh-2008
Co-authored-by: A. Wells <borgboyone@users.noreply.github.com>
Commit 1f2011ece removed a `try-catch` around triggering the `remove` handlers
in the `jQuery.cleanData` override. The `try-catch` was meant for old IE but it was
also catching an error coming from the tooltip `remove` handler depending on
being able to find a relevant tooltip. The `_find` method returns `null`, though,
when the tooltip cotent is empty.
Instead of restoring the `try-catch`, handle the `null` case in the `remove` handler.
Fixes gh-1990
Closes gh-1994
Co-authored-by: Claas Augner <github@caugner.de>
Co-authored-by: Michał Gołębiowski-Owczarek <m.goleb@gmail.com>
We need to create a local jQuery because jQuery Color relies on it and the
global may not exist with AMD and a custom build (trac-10199). This worked
in UI 1.12 but stopped in 1.13 as jQuery Color is now sourced as an AMD module
and the variable started being defined after jQuery Color code. To restore the
proper order, move the variable declaration to a separate small module loaded
before jQuery Color.
Closes gh-1973
We're not removing any deprecated API or legacy browser support in 1.13,
re-target comments to mention 1.14.
It's not guaranteed 1.14 will ever get released but if it will, it sounds like
a good moment to do those removals.
Closes gh-1970
Add a new option named onUpdateDatepicker that allows a custom callback
to be provided. If provided, the callback is called at the end of
$.datepicker._updateDatepicker.
Instead of using enormous HTML strings, various elements are now constructed
using jQuery APIs. This makes it more obvious user-provided data is used
correctly.
Fixes#15284
Closes gh-1953
Focus re-triggering in jQuery 3.4/3.5 makes the original element
have its focus event propagated last, breaking the re-targeting.
Trigger focus in a delay in addition if needed to avoid the issue.
This fixes the "interaction between overlay and other dialogs" core dialog
test when tested against jQuery 3.4/3.5.
Closes gh-1946
Ref jquery/jquery#4382
Fix for `options === true` when using jQuery UI under `use strict`,
which throws:
```
Uncaught TypeError: Cannot create property 'complete' on boolean 'true'
```
on line:
```js
options.complete = callback;
```
Closes gh-1931
jQuery >=3.2 doesn't include scrollbars in `.height()`, this commit switches
it to `.innerHeight()` which does so in jQuery >=3.3. In jQuery 3.2 it doesn't
either so include scrollbars in innerHeight, add it back.
Using `.innerHeight()` instead of `.height()` should be fine as menu doesn't
define padding styles.
Closes gh-1929
