The spec requires that CSS variable values are trimmed. In browsers that do
this - mainly, Safari, but also Firefox if the value only has leading
whitespace - we currently return undefined; in other browsers, we return
an empty string as the logic to fall back to undefined happens before
trimming.
This commit adds another explicit callback to `undefined` to have it consistent
across browsers.
Also, more explicit comments about behaviors we need to work around in various
browsers have been added.
Closes gh-5120
Ref gh-5106
(cherry picked from commit 7eb0019640)
Regex imp implementation takes `O(N^2)` time to trim the string when
multiple adjacent spaces were present.
The new expression require that the "whitespace run" starts from
a non-whitespace to avoid `O(N^2)` behavior when the engine would
try matching `\s+$` at each space position.
Closes gh-5068
This change makes jQuery skip falsy values in `addClass( array )`
& `removeClass( array )` instead of stopping iteration when the first falsy
value is detected. This makes code like:
```js
elem.addClass( [ "a", "", "b" ] );
```
add both the `a` & `b` classes.
The code was also optimized for size a bit so it doesn't increase the
minified gzipped size.
Fixes gh-4998
Closes gh-5003
(partially cherry picked from commit a338b407f2)
This is a version of gh-4993 for the `3.x-stable` branch.
The GitHub UI treats `#NUMBER` as referring to its own issues which is confusing
when in jQuery source it's usually referring to the old deprecated Trac instance
at https://bugs.jquery.com. This change replaces all such Trac references with
`trac-NUMBER`.
A few of the references came with the Sizzle integration and referred to the
Sizzle GitHub bug tracker. Those have been replaced with full links instead.
A new entry describing issue reference conventions has been added to README.
Closes gh-4994
Ref gh-4993
Ref 5d5ea01511
Neither of the removed links is crucial; one of them refers to a site that has
since started being malicious; while the Web Archive links remain safe, some
scanners warn about such links. Removing them is the safest thing to do.
Fixes gh-4981
Closes gh-4991
(cherry picked from commit e24f2dcf3f)
CSS does not acknowledge carriage return or form feed characters
as whitespace but it does replace them with whitespace, making it
acceptable to use `rtrim`.
Closes gh-4956
(cherry picked from commit 655c0ed5e2)
The spec has recently changed and CSS Custom Properties values are trimmed now.
This change makes jQuery polyfill that new behavior for all browsers.
Ref w3c/csswg-drafts#774
Fixes gh-4926
Closes gh-4930
(partially cherry picked from commit efadfe991a)
When evaluating scripts, jQuery strips out the possible wrapping HTML comment
and a CDATA section. However, all supported browsers are already doing that
when loading JS via appending a script tag to the DOM which is how we've been
doing `jQuery.globalEval` since jQuery 3.0.0. jQuery logic was imperfect, e.g.
it just stripped the `<!--` and `-->` markers, respectively at the beginning or
the end of the script contents. However, browsers are also stripping everything
following those markers in the same line, treating them as single-line comments
delimiters; this is now also mandated by ECMAScript 2015 in Annex B. Instead
of fixing the jQuery logic, just let the browser do its thing.
We still need to strip CDATA sections for backwards compatibility. This
shouldn't be needed as in XML documents they're already not visible when
inspecting element contents and in HTML documents they have no meaning but
we're preserving that logic for backwards compatibility. This will be removed
completely in 4.0.
Fixes gh-4904
Closes gh-4905
Ref gh-4906
The `_default` function in the special event settings for focus/blur has
always returned `true` since gh-4813 as the event was already being fired
from `leverageNative`. However, that only works if there's an active handler
on that element; this made a quick consecutive call:
```js
elem.on( "focus", function() {} ).off( "focus" );
```
make subsequent `.trigger( "focus" )` calls to not do any triggering.
The solution, already used in a similar `_default` method for the `click` event,
is to check for the `dataPriv` entry on the element for the focus event
(similarly for blur).
Fixes gh-4867
Closes gh-4885
(cherry picked from commit e539bac79e)
Firefox incorrectly (or perhaps correctly) includes table borders in computed
dimensions, but they are the only one. Workaround this by testing for it and
falling back to offset properties
Fixes gh-4529
Closes gh-4807
If during a focus handler another focus event is triggered:
```js
elem1.on( "focus", function() {
elem2.trigger( "focus" );
} );
```
due to their synchronous nature everywhere outside of IE the hack added in
gh-4279 to leverage native events causes the native `.focus()` method to be
called last for the initial element, making it steal the focus back. Since
the native method is already being called in `leverageNative`, we can skip that
final call.
This aligns with changes to the `_default` method for the `click` event that
were added when `leverageNative` was introduced there.
A side effect of this change is that now `focusin` will only propagate to the
document for the last focused element. This is a change in behavior but it also
aligns us better with how this works with native methods.
Fixes gh-4382
Closes gh-4813
Ref gh-4279
(cherry picked from commit dbcffb396c)
In Chrome, if an element having a `focusout` handler is blurred by
clicking outside of it, it invokes the handler synchronously. If
that handler calls `.remove()` on the element, the data is cleared,
leaving private data undefined. We're reading a property from that
data so we need to guard against this.
Fixes gh-4417
Closes gh-4799
(cherry picked from commit 5c2d08704e)
All supported browsers implement this property by themselves. The shim was only
needed for IE <9.
Fixes gh-3235
Closes gh-4765
Ref gh-4755
(cherry picked from commit 1a5fff4c16)
Issue gh-4379 was meant to be a bug fix but the JSONP case is a bit special:
under the hood it's a script but it simulates JSON responses in an environment
without a CORS setup and sending JSON payloads on error responses is quite
typical there.
This commit makes JSONP error responses still execute the payload. The regular
script error responses continue to be skipped.
Fixes gh-4771
Closes gh-4773
(cherry picked from commit a1e619b03a)
The way warning against number values in `.css()` setters was done in
jquery/jquery-migrate#337 and later refined in jquery/jquery-migrate#348
there's no need to send px-ed strings for `top` & `left` as they already
don't get the "px" suffix.
This reverts commit 57038faebc.
Closes gh-4753
Ref jquery/jquery-migrate/pull/337
Ref jquery/jquery-migrate/pull/348
1. Correct code indentations based on jQuery Style Guide
(contribute.jquery.org/style-guide/js/#spacing).
2. Add rules to "src/.eslintrc.json" to enable "enforcing consistent
indentation", with minimal changes to the current code.
Closes gh-4672
(cherry picked from 3d62d57049)
The change in gh-4603 made the object returned by `elem.data()`
a prototype-less object. That's a desired change to support keys
colliding with `Object.prototype` properties but it's also a breaking
change so it has to wait for jQuery 4.0.0.
A 3.x-only test was added to avoid breaking it in the future on this
branch.
Fixes gh-4665
Ref gh-4603
Closes gh-4666
The script transport used to evaluate fetched script sources which is
undesirable for unsuccessful HTTP responses. This is different to other data
types where such a convention was fine (e.g. in case of JSON).
(cherry picked from 50871a5a85)
Fixes gh-4250
Fixes gh-4655
Closes gh-4379
This fixes the issue of "%20" in POST data being replaced with "+"
even for requests with content-type different from
"application/x-www-form-urlencoded", e.g. for "application/json".
Fixes gh-4119
Closes gh-4650
(cherry picked from 7fb90a6bea)
Co-authored-by: Richard Gibson <richard.gibson@gmail.com>
Co-authored-by: Michał Gołębiowski-Owczarek <m.goleb@gmail.com>
The `doc` variable in:
https://github.com/jquery/jquery/blob/3.4.1/src/event/focusin.js#L30
matched `document` for `document` & `window` for `window`, creating two
separate wrapper event handlers & calling handlers twice if at least one
`focusout` or `focusin` handler was attached on *both* `window` & `document`,
or on `window` & another regular node.
Also, fix the "focusin from an iframe" test to actually verify the behavior
from commit 1cecf64e5a - the commit that
introduced the regression - to make sure we don't regress on either front.
Fixes gh-4652
Closes gh-4656
Make sure events & data keys matching Object.prototype properties work.
A separate fix for such events on cloned elements was added as well.
Fixes gh-3256
Closes gh-4603
(cherry picked from commit 9d76c0b163)
Node.js code is written more & more commonly in ES6+ so it doesn't make sense
to enable it there. There are many violations in test code so it's disabled
there as well.
Closes gh-4615
(cherry picked from commit 4a7fc8544e)
This commit aligns the `3.x-stable` branch with `master` in two aspects:
1. It migrates the nonce module to return an object instead of a primitive
variable. This had to be changed on `master` as in ES modules you export
live read-only bindings to variables, meaning you can't increment the nonce
directly. Also, the way it was done so far was working differently in AMD & the
single built file - in the built file one nonce variable was declared, accessed
and incremented. In AMD mode separate instances were create for each module
that depend on the nonce module, creating unintended nonce clashes.
2. Whether the `noGlobal` parameter was set to `true` is now checked using the
typeof operator to align with `master`.
Closes gh-4612
Ref gh-4541
Ref d0ce00cdfa
1. Support passing custom document to jQuery.globalEval; the script will be
invoked in the context of this document.
2. Fire external scripts appended to iframe contents in that iframe context;
this was already supported & tested for inline scripts but not for external
ones.
Fixes gh-4518
Closes gh-4601
(cherry picked from commit 4592595b47)
This commit fixes unit tests for the following builds:
1. The no-deprecated build: `custom:-deprecated`
2. The current slim build: `custom:-ajax,-effects`
3. The 4.0 (#4553) slim build: `custom:-ajax,-callbacks,-deferred,-effects`
It also adds separate Travis jobs for the no-deprecated & slim builds.
Apart from that, add intuitive names to Travis jobs. Otherwise it's hard to see
at a glance that a particular job is running on Firefox ESR, for example.
Ref gh-4577
Ref gh-4596
Closes gh-4600
A new `src/deprecated` directory makes it possible to exclude some deprecated
APIs from a custom build when their respective "parent" module is excluded
without keeping that module outside of the `src/deprecated` directory or
the `src/deprecated.js` file.
Closes gh-4572
(cherry picked from 23d53928f3)
There was a check in jQuery.event.add that was supposed to make it a noop
for objects that don't accept data like text or comment nodes. The problem was
the check was incorrect: it assumed `dataPriv.get( elem )` returns a falsy
value for an `elem` that doesn't accept data but that's not the case - we get
an empty object then. The check was changed to use `acceptData` directly.
(cherry picked from d5c505e35d)
Fixes gh-4397
Closes gh-4558
An upcoming release of Migrate will generate warnings for calls to .css() that pass numbers rather than strings, see jquery/jquery-migrate#296 . At the moment, core's .offset() setter passes numbers rather than px strings so it would throw warnings. This commit fixes that.
Closes gh-4508
This commit requires all function parameters to be used, not just the last one.
In cases where that's not possible as we need to match an external API, there's
an escape hatch of prefixing an unused argument with `_`.
This change makes it easier to catch unused AMD dependencies and unused
parameters in internal functions the API of which we may change at will, among
other things.
Unused AMD dependencies have been removed as part of this commit.
Closes gh-4381
(cherry-picked from 438b1a3e8a)
Because of the above conditional, the 'type' variable has a value of type
'string' or undefined. Therefore, boolean comparisons for 'type' variable
is always unnecessary because it return true. The patch removed the
unnecessary conditional statement.
Fixes gh-4374
Closes gh-4375
(cherry picked from commit 110802c7f2)
Calling `Array.prototype.concat.apply( [], inputArray )` to flatten `inputArray`
crashes for large arrays; using `Array.prototype.flat` avoids these issues in
browsers that support it. In case it's necessary to support these large arrays
even in older browsers, a polyfill for `Array.prototype.flat` can be loaded.
This is already being done by many applications.
(cherry picked from 9df4f1de12)
Fixes gh-4320
Closes gh-4459
`:even` & `:odd` are deprecated since jQuery 3.4.0 & will be removed in 4.0.0.
The new `even()` & `odd()` methods will make the migration easier.
Closes gh-4485
(cherry picked from commit 78420d427c)
This commit also backports some jQuery.isXMLDoc tests from master so that this
behavior doesn't regress.
(partially cherry-picked from 79b74e043a)
Closes gh-4438
Ref jquery/sizzle#378
Ref jquery/sizzle#436
The original fix didn't account for the fact that in IE `<object>` elements
with no `data` attribute have an object `contentDocument`. The fix leverages
the fact that this special object has a null prototype.
(cherry-picked from ccbd6b9342)
Closes gh-4390
Ref gh-4384
Ref gh-4385
The test for Shadow DOM v1 support has been changed to rely on the presence of
`documentElement.getRootNode` as iOS 10.0-10.2 supports `attachShadow` but
doesn't support `getRootNode`.
No new test is necessary - iOS 10.0 fails lots of our test suite because of
this bug.
Fixes gh-4356
Closes gh-4360