If you generate a Checkboxradio from a checkbox/radio with a label that
contains encoded HTML, e.g. `<em>test</em>` this will work fine
at first. If, however a refresh is triggered on that instance (explicitly or
e.g. by turning it into a `Controlgroup`), the previously escaped HTML will
now be evaluated.
If the label was created based on some user input, this could lead to
unexpected code execution even though the initial output was escaped.
Fixes gh-2101
Closes gh-2102
This fixes the issue caused by https://bugs.jqueryui.com/ticket/9357.
We now empty the live region instead of appending to it, and we do so
after a brief timeout so the live region isn't updated on every mousemove
event or when quickly traversing through options.
Fixes gh-2002
Closes gh-2031
PR gh-1793 removed setting `this.offset.parent` in the Draggable
`refreshPositions` method which broke position calculations when moving
a Draggable item into a connected Sortable. restore that assignment.
Ref gh-1793
Fixes gh-2001
Closes gh-2009
Note that container specific events will not fire when the dragged element
is interacting with zero height containers.
Fixes gh-1998
Closes gh-2008
Co-authored-by: A. Wells <borgboyone@users.noreply.github.com>
Commit 1f2011ece removed a `try-catch` around triggering the `remove` handlers
in the `jQuery.cleanData` override. The `try-catch` was meant for old IE but it was
also catching an error coming from the tooltip `remove` handler depending on
being able to find a relevant tooltip. The `_find` method returns `null`, though,
when the tooltip cotent is empty.
Instead of restoring the `try-catch`, handle the `null` case in the `remove` handler.
Fixes gh-1990
Closes gh-1994
Co-authored-by: Claas Augner <github@caugner.de>
Co-authored-by: Michał Gołębiowski-Owczarek <m.goleb@gmail.com>
We're not removing any deprecated API or legacy browser support in 1.13,
re-target comments to mention 1.14.
It's not guaranteed 1.14 will ever get released but if it will, it sounds like
a good moment to do those removals.
Closes gh-1970
Add a new option named onUpdateDatepicker that allows a custom callback
to be provided. If provided, the callback is called at the end of
$.datepicker._updateDatepicker.
Instead of using enormous HTML strings, various elements are now constructed
using jQuery APIs. This makes it more obvious user-provided data is used
correctly.
Fixes#15284
Closes gh-1953
Focus re-triggering in jQuery 3.4/3.5 makes the original element
have its focus event propagated last, breaking the re-targeting.
Trigger focus in a delay in addition if needed to avoid the issue.
This fixes the "interaction between overlay and other dialogs" core dialog
test when tested against jQuery 3.4/3.5.
Closes gh-1946
Ref jquery/jquery#4382
jQuery >=3.2 doesn't include scrollbars in `.height()`, this commit switches
it to `.innerHeight()` which does so in jQuery >=3.3. In jQuery 3.2 it doesn't
either so include scrollbars in innerHeight, add it back.
Using `.innerHeight()` instead of `.height()` should be fine as menu doesn't
define padding styles.
Closes gh-1929
jQuery positional selectors () have been deprecated in
[jQuery 3.4.0](https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/)
and they'll be removed in jQuery 4.0.0. This PR removes their usage.
Most of the changes were possible without changing public API. However,
dropping `:even` usage required a change to the
[`header` option](https://api.jqueryui.com/accordion/#option-header)
of the accordion widget. I made it an optional function; this will need
to be documented.
The polyfill for `.even()` & `.odd()` is added for jQuery <3.5.0. There was
no usage of the :odd selector in the code but the `.odd()` method is also
polyfilled for completeness.
Closes gh-1904
Summary of the changes:
* Build: Add jQuery 3.2.0-3.4.1 to versions UI can be tested against
* Build: Load jQuery & Migrate via HTTPS
* Build: Add package-lock.json to .gitignore
* Build: Update jQuery Migrate from 3.0.0 to 3.1.0
* Build: Allow to run tests against jQuery 3.x-git
* Build: Fix formatting according to JSCS rules
* Build: Disable JSCS for the inlined jQuery Color
* All: Switch from $.isArray to Array.isArray (jQuery.isArray will be
removed in jQuery 4.0)
* All: Switch from `$.isFunction( x )` to `typeof x === "function"`
(jQuery.isFunction will be removed in jQuery 4.0)
* All: Inline jQuery.isWindow as it'll be removed in jQuery 4.0
* Effects: Fix a timing issue in a variable declaration. Previously,
a jQuery object was created, chained & assigned to a variable that
was then accessed in a callback used inside of this chained
definition. Due to a timing difference in when the callback fired for
the first time in latest jQuery master, it was being called before
the variable was defined.
* Tests: Make dialog & draggable unit tests less strict (newest jQuery
returns fractional results in some cases, making comparisons fail when
there's a tiny difference)
* All: Migrate from $.trim to bare String.prototype.trim (jQuery.trim
will be deprecated in jQuery 3.5)
Closes gh-1901
The old logic worked when all widgets of the same type used the same
event namespace. However, now that each instance has its own namespace,
we cannot use `_on()` for shared event handlers.
Fixes#15182
Closes gh-1817
* Created _scroll extension point and migrated scroll code from _mouseDrag
* Cleaned up logic for scrolled
* Fixed appendTo functionality to match documentation
* Remove unnecessary function calls
* Move set-up position functions to appropriate place
* Base scrollParent on placeholder and not helper
* Update scrollParent when switching containers
Fixes#3173Fixes#15165Fixes#15166Fixes#15167Fixes#15168Fixes#15169Fixes#15170
Closes gh-1793
IE11 and scrolling autocompletes didn't get along great; this should help fix
their relationship.
When you click on an autocomplete scrollbar in IE11, the menu temporarily
gains focus, which caused a couple problems.
1. Depending on how long you clicked, the dropdown could close.
2. Scrolling down by clicking the scrollbar's down arrow would misbehave. The
list would pop back up to the top with the first item selected.
We can fix both problems by modifying the focus/blur handling a bit.
1. There is a flag to instruct the control to ignore blurs, but it was getting
cleared too quickly; when the code refocused the input after it was blurred,
IE would send *another* blur event, which wasn't getting ignored and would
close the dropdown. We now wait for the focus/blur pair to process before
clearing the flag.
2. We remove the tabindex from the dropdown menu, which prevents menu's focus
handler from firing. When you focus a menu, it will select the first menu item
if none are selected. Selecting a menu item will scroll it into view if it's
not visible. This combination of behaviors was causing the strange behavior
when attempting to scroll down.
I couldn't figure out a way to write a unit test for this, since it's IE only
and seems to require user interaction. You can verify the previous behavior
(and the fix) on `demos/autocomplete/maxheight.html`
Fixes#9638
Closes gh-1785