From 6a3d0996edf2f8ba69f62c8c7c3eda07b674d81f Mon Sep 17 00:00:00 2001 From: John Resig Date: Sun, 24 Jan 2010 21:37:05 -0500 Subject: [PATCH] Make sure that XHTML-style HTML is purified in .html(). Fixes #5845. --- src/manipulation.js | 4 +++- test/unit/manipulation.js | 9 +++++++-- 2 files changed, 10 insertions(+), 3 deletions(-) diff --git a/src/manipulation.js b/src/manipulation.js index 401cf86bd..23463d16e 100644 --- a/src/manipulation.js +++ b/src/manipulation.js @@ -189,6 +189,8 @@ jQuery.fn.extend({ (jQuery.support.leadingWhitespace || !rleadingWhitespace.test( value )) && !wrapMap[ (rtagName.exec( value ) || ["", ""])[1].toLowerCase() ] ) { + value = value.replace(rxhtmlTag, fcloseTag); + try { for ( var i = 0, l = this.length; i < l; i++ ) { // Remove element nodes and prevent memory leaks @@ -501,4 +503,4 @@ jQuery.extend({ jQuery.removeData( elem ); } } -}); \ No newline at end of file +}); diff --git a/test/unit/manipulation.js b/test/unit/manipulation.js index 7db8d5bae..16992aeb7 100644 --- a/test/unit/manipulation.js +++ b/test/unit/manipulation.js @@ -793,7 +793,7 @@ test("clone() on XML nodes", function() { } var testHtml = function(valueObj) { - expect(22); + expect(24); jQuery.scriptorder = 0; @@ -805,6 +805,11 @@ var testHtml = function(valueObj) { } ok( pass, "Set HTML" ); + div = jQuery("
").html( valueObj('
') ); + + equals( div.children().length, 2, "Make sure two child nodes exist." ); + equals( div.children().children().length, 1, "Make sure that a grandchild exists." ); + reset(); // using contents will get comments regular, text, and comment nodes var j = jQuery("#nonnodes").contents(); @@ -1040,4 +1045,4 @@ test("jQuery.cleanData", function() { return div; } -}); \ No newline at end of file +});