If you generate a Checkboxradio from a checkbox/radio with a label that
contains encoded HTML, e.g. `<em>test</em>` this will work fine
at first. If, however a refresh is triggered on that instance (explicitly or
e.g. by turning it into a `Controlgroup`), the previously escaped HTML will
now be evaluated.
If the label was created based on some user input, this could lead to
unexpected code execution even though the initial output was escaped.
Fixes gh-2101
Closes gh-2102
jQuery UI 1.13.0 changed the logic attaching the `_untrackClassesElement`
listener in the `_classes` widget method; one of the side effects was calling
`this._on` for each node that needed the listener. That caused a severe
performance degradation for large comboboxes as each `_on` jQuery UI call
causes a jQuery `add` call that calls Sizzle's `uniqueSort` underneath.
Instead, collect the nodes that need the listener and then, outside of the loop,
create a jQuery object out of them and attach the listener once. That's still
slower than the jQuery 1.12 version but only slightly: 936 ms to 1.03s on a very
large list on a recent MacBook Pro, compared to ~30 seconds before this patch.
Fixes gh-2014
Closes gh-2037
This fixes the issue caused by https://bugs.jqueryui.com/ticket/9357.
We now empty the live region instead of appending to it, and we do so
after a brief timeout so the live region isn't updated on every mousemove
event or when quickly traversing through options.
Fixes gh-2002
Closes gh-2031
Due to the fact the widget factory code is now in strict mode, the check for
being called without using the `new` keyword started breaking if you save the
widget constructor to a variable before calling it:
```js
var customWidget = $.custom.customWidget;
customWidget( {}, elem );
```
as then `this` is undefined and checking for `this._createWidget` crashes.
Account for that with an additional check.
Fixes gh-2015
Closes gh-2019
PR gh-1793 removed setting `this.offset.parent` in the Draggable
`refreshPositions` method which broke position calculations when moving
a Draggable item into a connected Sortable. restore that assignment.
Ref gh-1793
Fixes gh-2001
Closes gh-2009
Note that container specific events will not fire when the dragged element
is interacting with zero height containers.
Fixes gh-1998
Closes gh-2008
Co-authored-by: A. Wells <borgboyone@users.noreply.github.com>
Commit 1f2011ece removed a `try-catch` around triggering the `remove` handlers
in the `jQuery.cleanData` override. The `try-catch` was meant for old IE but it was
also catching an error coming from the tooltip `remove` handler depending on
being able to find a relevant tooltip. The `_find` method returns `null`, though,
when the tooltip cotent is empty.
Instead of restoring the `try-catch`, handle the `null` case in the `remove` handler.
Fixes gh-1990
Closes gh-1994
Co-authored-by: Claas Augner <github@caugner.de>
Co-authored-by: Michał Gołębiowski-Owczarek <m.goleb@gmail.com>
Add a new option named onUpdateDatepicker that allows a custom callback
to be provided. If provided, the callback is called at the end of
$.datepicker._updateDatepicker.
Instead of using enormous HTML strings, various elements are now constructed
using jQuery APIs. This makes it more obvious user-provided data is used
correctly.
Fixes#15284
Closes gh-1953
In IE in jQuery 3.4+ a sequence:
```js
$( inputNode ).trigger( "focus" ).trigger( "blur" ).trigger( "focus" );
```
doesn't end up with a focused input. However, in this test we only want to check
that the last focused input receives the focus back when `_focusTabbable()` is
called which in reality doesn't happen so quickly so let's avoid the issue by
waiting a bit.
Ref jquery/jquery#4856
Closes gh-1951
Some of the APIs return fractional values in newer jQueries, making comparisons
sometimes not being 100% accurate. Allow some delta.
This is similar to what was already done in
98b539171b but a few cases affecting IE and/or
Edge Legacy were missed.
Closes gh-1947
jQuery >=3.4.0 uses a special focus/blur handler pair needed to fix various
issues with checkboxes/radio buttons as well as being able to pass data in focus
triggers. This leaves extra focus & blur events if any of these events were ever
listened to at a particular element.
We've started skipping these handlers in the `domEqual` assertion in gh-1930 but
we missed a case where an event is triggered before any handler is attached -
jQuery >=3.4.0 attaches then an extra noop listener just to force the code path
to go through the setup code before the trigger happens. We now skip this extra
handler as well.
This fixes a test failure in "dialog: methods" destroy tests.
Closes gh-1945
Ref jquery/jquery#4496
Ref gh-1930
jQuery >=3.4.0 uses a special focus/blur handler pair
needed to fix various issues with checkboxes/radio buttons
as well as being able to pass data in focus triggers.
However, this leaves dummy focus & blur events if any of these
events were ever listened to at a particular element. There's not
a lot UI can do to fix this so we now just skip these handlers for
data comparisons in tests.
Ref jquery/jquery#4496
Closes gh-1930
Co-authored-by: Richard Gibson <richard.gibson@gmail.com>
jQuery 3.2 & newer have a different animation logic and the animated elements
width/height differ from the starting ones even at the beginning of the
animation. The point of the assertions checking that they're identical was
to ensure bug #5245 is fixed; that issue manifested by a big jump to half the
element size. To test for that, it's enough to check that the first obtained
values are close to the original ones.
This makes effects tests pass in all supported jQuery versions.
Closes gh-1928
Ref #5245
This helps fix issues that make tooltip tests sometimes fail when run against
jQuery 3.2 or newer due to timing differences.
Details:
* Add the `moduleAfterEach` function ensuring no timers are running.
* Attach this function via `common.testWidget`.
* Attach this function to most test suites.
* Add a tooltip test helper cleaning up leftover timers.
* Rename legacy `setup`/`teardown` hooks to `beforeEach`/`afterEach`.
Closes gh-1920
jQuery positional selectors () have been deprecated in
[jQuery 3.4.0](https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/)
and they'll be removed in jQuery 4.0.0. This PR removes their usage.
Most of the changes were possible without changing public API. However,
dropping `:even` usage required a change to the
[`header` option](https://api.jqueryui.com/accordion/#option-header)
of the accordion widget. I made it an optional function; this will need
to be documented.
The polyfill for `.even()` & `.odd()` is added for jQuery <3.5.0. There was
no usage of the :odd selector in the code but the `.odd()` method is also
polyfilled for completeness.
Closes gh-1904
Summary of the changes:
* Build: Add jQuery 3.2.0-3.4.1 to versions UI can be tested against
* Build: Load jQuery & Migrate via HTTPS
* Build: Add package-lock.json to .gitignore
* Build: Update jQuery Migrate from 3.0.0 to 3.1.0
* Build: Allow to run tests against jQuery 3.x-git
* Build: Fix formatting according to JSCS rules
* Build: Disable JSCS for the inlined jQuery Color
* All: Switch from $.isArray to Array.isArray (jQuery.isArray will be
removed in jQuery 4.0)
* All: Switch from `$.isFunction( x )` to `typeof x === "function"`
(jQuery.isFunction will be removed in jQuery 4.0)
* All: Inline jQuery.isWindow as it'll be removed in jQuery 4.0
* Effects: Fix a timing issue in a variable declaration. Previously,
a jQuery object was created, chained & assigned to a variable that
was then accessed in a callback used inside of this chained
definition. Due to a timing difference in when the callback fired for
the first time in latest jQuery master, it was being called before
the variable was defined.
* Tests: Make dialog & draggable unit tests less strict (newest jQuery
returns fractional results in some cases, making comparisons fail when
there's a tiny difference)
* All: Migrate from $.trim to bare String.prototype.trim (jQuery.trim
will be deprecated in jQuery 3.5)
Closes gh-1901