From 05531fc4080ae24070930d15ae0cea7ae056457d Mon Sep 17 00:00:00 2001 From: timmywil Date: Wed, 20 Jun 2012 11:19:24 -0400 Subject: [PATCH] Adjust jQuery('html') detection to only match when html starts with '<' (not counting space characters). Fixes #11290. --- src/core.js | 3 ++- src/sizzle | 2 +- test/unit/core.js | 12 ++++-------- test/unit/selector.js | 14 +++++++++++++- test/unit/traversing.js | 2 +- 5 files changed, 21 insertions(+), 12 deletions(-) diff --git a/src/core.js b/src/core.js index 2e794fb25..844eb1593 100644 --- a/src/core.js +++ b/src/core.js @@ -49,7 +49,8 @@ var // A simple way to check for HTML strings // Prioritize #id over to avoid XSS via location.hash (#9521) - rquickExpr = /^(?:[^#<]*(<[\w\W]+>)[^>]*|#([\w-]*))$/, + // Strict HTML recognition (#11290: must start with <) + rquickExpr = /^(?:(<[\w\W]+>)[^>]*|#([\w-]*))$/, // Match a standalone tag rsingleTag = /^<(\w+)\s*\/?>(?:<\/\1>|)$/, diff --git a/src/sizzle b/src/sizzle index 20ad5f811..8c6ed151b 160000 --- a/src/sizzle +++ b/src/sizzle @@ -1 +1 @@ -Subproject commit 20ad5f811e22bf8528d8c33f0e7966fdb461c55a +Subproject commit 8c6ed151bdfd03b8a8ec3707963caada8e73d041 diff --git a/test/unit/core.js b/test/unit/core.js index e505ca9b0..09f5c4c94 100644 --- a/test/unit/core.js +++ b/test/unit/core.js @@ -27,7 +27,7 @@ test("jQuery()", function() { div = jQuery("

"), exec = false, lng = "", - expected = 26, + expected = 22, attrObj = { "click": function() { ok( exec, "Click executed." ); }, "text": "test", @@ -139,15 +139,9 @@ test("jQuery()", function() { // manually clean up detached elements elem.remove(); - equal( jQuery("
").length, 1, "Make sure whitespace is trimmed." ); - equal( jQuery(" a
b ").length, 1, "Make sure whitespace and other characters are trimmed." ); - for ( i = 0; i < 128; i++ ) { lng += "12345678"; } - - equal( jQuery("
" + lng + "
").length, 1, "Make sure whitespace is trimmed on long strings." ); - equal( jQuery(" a
" + lng + "
b ").length, 1, "Make sure whitespace and other characters are trimmed on long strings." ); }); test( "selector state", function() { @@ -1206,7 +1200,7 @@ test("jQuery.proxy", function(){ }); test("jQuery.parseHTML", function() { - expect( 12 ); + expect( 13 ); var html, nodes; @@ -1231,6 +1225,8 @@ test("jQuery.parseHTML", function() { equal( jQuery.parseHTML("text")[0].nodeType, 3, "Parsing text returns a text node" ); equal( jQuery.parseHTML( "\t
" )[0].nodeValue, "\t", "Preserve leading whitespace" ); + + equal( jQuery.parseHTML("
")[0].nodeType, 3, "Leading spaces are treated as text nodes (#11290)" ); }); test("jQuery.parseJSON", function(){ diff --git a/test/unit/selector.js b/test/unit/selector.js index 76c4fbfba..57c32cf0d 100644 --- a/test/unit/selector.js +++ b/test/unit/selector.js @@ -17,7 +17,7 @@ test("element - jQuery only", function() { ok( jQuery("#length").length, " cannot be found under IE, see #945" ); ok( jQuery("#lengthtest input").length, " cannot be found under IE, see #945" ); - //#7533 + // #7533 equal( jQuery("

foo

").find("p").length, 1, "Find where context root is a node and has an ID with CSS3 meta characters" ); }); @@ -77,6 +77,18 @@ test("disconnected nodes", function() { equal( $div.is("div"), true, "Make sure .is('nodeName') works on disconnect nodes." ); }); +test("jQuery only - broken", 1, function() { + raises(function() { + // Setting context to null here somehow avoids QUnit's window.error handling + // making the e & e.message correct + // For whatever reason, without this, + // Sizzle.error will be called but no error will be seen in oldIE + jQuery.call( null, "
" ); + }, function( e ) { + return e.message.indexOf("Syntax error") >= 0; + }, "leading space invalid: $('
')" ); +}); + testIframe("selector/html5_selector", "attributes - jQuery.attr", function( jQuery, window, document ) { expect( 35 ); diff --git a/test/unit/traversing.js b/test/unit/traversing.js index 9388089b2..fa945365c 100644 --- a/test/unit/traversing.js +++ b/test/unit/traversing.js @@ -114,7 +114,7 @@ test("is() with positional selectors", function() { "

firsttest

" ).appendTo( "body" ), isit = function(sel, match, expect) { - equal( jQuery( sel ).is( match ), expect, "jQuery( " + sel + " ).is( " + match + " )" ); + equal( jQuery( sel ).is( match ), expect, "jQuery('" + sel + "').is('" + match + "')" ); }; isit( "#posp", "#posp:first", true );