library-mirrors/jquery
1
0
Fork 0
mirror of https://github.com/jquery/jquery.git synced 2024-11-23 02:54:22 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Core: use document.implemenation.createHTMLDocument in jQuery.parseHTML

Browse Source 
Close gh-1505
This commit is contained in:
Frederic Hemberger 2014-12-09 15:13:46 -05:00 committed by Timmy Willison
parent 43faf6d1f9
commit 58c2460821
5 changed files with 39 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/core.js
View File

@ -7,7 +7,7 @@ define([
"./var/class2type",
"./var/toString",
"./var/hasOwn",
"./var/support"
"./core/support"
], function( arr, slice, concat, push, indexOf, class2type, toString, hasOwn, support ) {
var

8
src/core/parseHTML.js
View File

@ -2,7 +2,7 @@ define([
"../core",
"./var/rsingleTag",
"../manipulation" // buildFragment
], function( jQuery, rsingleTag ) {
], function( jQuery, rsingleTag, support ) {
// data: string of html
// context (optional): If specified, the fragment will be created in this context,
@ -16,7 +16,11 @@ jQuery.parseHTML = function( data, context, keepScripts ) {
keepScripts = context;
context = false;
}
context = context || document;
// document.implementation stops scripts or inline event handlers from
// being executed immediately
context = context || ( support.createHTMLDocument ?
document.implementation.createHTMLDocument() :
document );
var parsed = rsingleTag.exec( data ),
scripts = !keepScripts && [];

6
src/core/support.js Normal file
View File

@ -0,0 +1,6 @@
define([
"../var/support"
], function( jQuery, support ) {
// window.document is used here as it's before the sandboxed document
support.createHTMLDocument = !!window.document.implementation.createHTMLDocument;
});

18
test/unit/core.js
View File

@ -1367,6 +1367,24 @@ test("jQuery.parseHTML", function() {
ok( jQuery.parseHTML("<#if><tr><p>This is a test.</p></tr><#/if>") || true, "Garbage input should not cause error" );
});
// This XSS test is optional, as it will only pass when `document.implementation.createHTMLDocument`
// is implemented. This might not be the case for older Android browsers (<= 2.x).
if ( document.implementation.createHTMLDocument ) {
asyncTest("jQuery.parseHTML", function() {
expect ( 1 );
Globals.register("parseHTMLError");
jQuery.globalEval("parseHTMLError = false;");
jQuery.parseHTML( "<img src=x onerror='parseHTMLError = true'>" );
window.setTimeout(function() {
start();
equal( window.parseHTMLError, false, "onerror eventhandler has not been called." );
}, 2000);
});
}
test("jQuery.parseJSON", function() {
expect( 20 );

8
test/unit/support.js
View File

@ -61,6 +61,7 @@ testIframeWithCallback( "Check CSP (https://developer.mozilla.org/en-US/docs/Sec
"checkOn": true,
"clearCloneStyle": true,
"cors": true,
"createHTMLDocument": true,
"focusinBubbles": false,
"noCloneChecked": true,
"optDisabled": true,
@ -77,6 +78,7 @@ testIframeWithCallback( "Check CSP (https://developer.mozilla.org/en-US/docs/Sec
"checkOn": true,
"clearCloneStyle": false,
"cors": true,
"createHTMLDocument": true,
"focusinBubbles": true,
"noCloneChecked": false,
"optDisabled": true,
@ -93,6 +95,7 @@ testIframeWithCallback( "Check CSP (https://developer.mozilla.org/en-US/docs/Sec
"checkOn": true,
"clearCloneStyle": false,
"cors": false,
"createHTMLDocument": true,
"focusinBubbles": true,
"noCloneChecked": false,
"optDisabled": true,
@ -109,6 +112,7 @@ testIframeWithCallback( "Check CSP (https://developer.mozilla.org/en-US/docs/Sec
"checkOn": true,
"clearCloneStyle": true,
"cors": true,
"createHTMLDocument": true,
"focusinBubbles": false,
"noCloneChecked": true,
"optDisabled": true,
@ -125,6 +129,7 @@ testIframeWithCallback( "Check CSP (https://developer.mozilla.org/en-US/docs/Sec
"checkOn": true,
"clearCloneStyle": true,
"cors": true,
"createHTMLDocument": true,
"focusinBubbles": false,
"noCloneChecked": true,
"optDisabled": true,
@ -141,6 +146,7 @@ testIframeWithCallback( "Check CSP (https://developer.mozilla.org/en-US/docs/Sec
"checkOn": true,
"clearCloneStyle": true,
"cors": true,
"createHTMLDocument": true,
"focusinBubbles": false,
"noCloneChecked": true,
"optDisabled": true,
@ -157,6 +163,7 @@ testIframeWithCallback( "Check CSP (https://developer.mozilla.org/en-US/docs/Sec
"checkOn": false,
"clearCloneStyle": true,
"cors": true,
"createHTMLDocument": true,
"focusinBubbles": false,
"noCloneChecked": true,
"optDisabled": true,
@ -173,6 +180,7 @@ testIframeWithCallback( "Check CSP (https://developer.mozilla.org/en-US/docs/Sec
"checkOn": false,
"clearCloneStyle": false,
"cors": true,
"createHTMLDocument": true,
"focusinBubbles": false,
"noCloneChecked": true,
"optDisabled": false,