If you generate a Checkboxradio from a checkbox/radio with a label that
contains encoded HTML, e.g. `<em>test</em>` this will work fine
at first. If, however a refresh is triggered on that instance (explicitly or
e.g. by turning it into a `Controlgroup`), the previously escaped HTML will
now be evaluated.
If the label was created based on some user input, this could lead to
unexpected code execution even though the initial output was escaped.
Fixes gh-2101
Closes gh-2102
This helps fix issues that make tooltip tests sometimes fail when run against
jQuery 3.2 or newer due to timing differences.
Details:
* Add the `moduleAfterEach` function ensuring no timers are running.
* Attach this function via `common.testWidget`.
* Attach this function to most test suites.
* Add a tooltip test helper cleaning up leftover timers.
* Rename legacy `setup`/`teardown` hooks to `beforeEach`/`afterEach`.
Closes gh-1920
Summary of the changes:
* Build: Add jQuery 3.2.0-3.4.1 to versions UI can be tested against
* Build: Load jQuery & Migrate via HTTPS
* Build: Add package-lock.json to .gitignore
* Build: Update jQuery Migrate from 3.0.0 to 3.1.0
* Build: Allow to run tests against jQuery 3.x-git
* Build: Fix formatting according to JSCS rules
* Build: Disable JSCS for the inlined jQuery Color
* All: Switch from $.isArray to Array.isArray (jQuery.isArray will be
removed in jQuery 4.0)
* All: Switch from `$.isFunction( x )` to `typeof x === "function"`
(jQuery.isFunction will be removed in jQuery 4.0)
* All: Inline jQuery.isWindow as it'll be removed in jQuery 4.0
* Effects: Fix a timing issue in a variable declaration. Previously,
a jQuery object was created, chained & assigned to a variable that
was then accessed in a callback used inside of this chained
definition. Due to a timing difference in when the callback fired for
the first time in latest jQuery master, it was being called before
the variable was defined.
* Tests: Make dialog & draggable unit tests less strict (newest jQuery
returns fractional results in some cases, making comparisons fail when
there's a tiny difference)
* All: Migrate from $.trim to bare String.prototype.trim (jQuery.trim
will be deprecated in jQuery 3.5)
Closes gh-1901