Only allow alphanumeric characters & underscores for callback parameters.
This is only test code so we're not fixing any security issue but it happens
often enough that the whole jQuery repository directory structure is deployed
onto the server with PHP enabled that it makes is easy to introduce security
issues if this cleanup is not done.
This is a 1.x/2.x version of PR gh-4871.
The change doesn't require a release; it's meant at installations testing
the latest state of `1.12-stable` & `2.2-stable` branches.
This change also fixes testing on Travis & on Chrome/Firefox.
Closes gh-4875
Ref gh-4764
Ref gh-4871
(cherry picked from acb7c49c8d)
A bug in UglifyJS was causing function declarations to sometimes be put
in blocks which wasn't well specified in ES5 so it may break some browsers.
This bump will prevent the issue from occurring in any potential future
releae in this line.
(cherry-picked from b14ce54334)
Refs jquery/jquery#3153
Refs mishoo/UglifyJS2#1052
`npm install package@version --save` sorts the dependencies alphabetically
so the next such run would fix the order anyway; it's better to not mix
concerns, though, so it's done now in a separate commit.
(cherry-picked from 4a8985f56a)
This makes commands like `npm install package --save-dev` always get saved
to package.json as a pinned version and not as a `^`-delimited range.
(cherry-picked from 6600e2e2b9)
Safari 9.1 shares its support test results with Safari 9.0 but it's been
excluded from the regex catching Safari 9.0. This has been fixed.
(cherry-picked from 234a2d8280)
IE 11 used to have an issue where if an element inside an iframe was put
in fullscreen mode, the element dimensions started being 100 times too small;
we've added a workaround that would multiply them by 100. However, the IE 11
issue has been unexpectedly fixed and since our detection was really detecting
the browser and not a bug, we've started breaking the browser instead of fixing
it.
Since there's no good way to detect if the bug exists, we have to back the
workaround out completely.
Refs ff1a0822f7
Refs fb9adb9f05
Fixes gh-3041
Refs gh-1764
Refs gh-2401
Refs 90d828bad0
The document.implementation.createHTMLDocument("") method creates inert
documents which is good but using it has introduced issues around anchor
elements href property not resolving according to the current document.
Because of that, this patch is getting backed out on 1.x/2.x branches.
(cherry-picked from c5c3073531)
Refs cfe468f29c
Refs gh-1505
Fixes gh-2941
This reverts commit 0654711e0d.
This commit provoked new issues: gh-2836, gh-2828.
At the meeting, we decided to revert offending commit
(in all three branches - 2.2-stable, 1.12-stable and master)
and tackle this issue in 3.x.
Fixes gh-2828
