diff options
| author | Guy Brand <gb@unistra.fr> | 2014-05-05 22:51:26 +0200 |
|---|---|---|
| committer | Guy Brand <gb@unistra.fr> | 2014-05-05 22:51:26 +0200 |
| commit | 43a2e077a27740ebb0f0bc49e4a3d288c8811d78 (patch) | |
| tree | e22f94855951702e622d4c40ac44f3031b3d5819 /lib/scripts/jquery/jquery-migrate.js | |
| parent | c6af9e94ed5d7f7713359faac18543db9a9aee48 (diff) | |
| parent | 75930869ddcb31470ea7617eddfb882de02645df (diff) | |
| download | rpg-43a2e077a27740ebb0f0bc49e4a3d288c8811d78.tar.gz rpg-43a2e077a27740ebb0f0bc49e4a3d288c8811d78.tar.bz2 | |
Merge branch 'master' into stable
Diffstat (limited to 'lib/scripts/jquery/jquery-migrate.js')
| -rw-r--r-- | lib/scripts/jquery/jquery-migrate.js | 26 |
1 files changed, 18 insertions, 8 deletions
diff --git a/lib/scripts/jquery/jquery-migrate.js b/lib/scripts/jquery/jquery-migrate.js index 942cb8b4d..25b6c8131 100644 --- a/lib/scripts/jquery/jquery-migrate.js +++ b/lib/scripts/jquery/jquery-migrate.js @@ -1,5 +1,5 @@ /*! - * jQuery Migrate - v1.1.1 - 2013-02-16 + * jQuery Migrate - v1.2.1 - 2013-05-08 * https://github.com/jquery/jquery-migrate * Copyright 2005, 2013 jQuery Foundation, Inc. and other contributors; Licensed MIT */ @@ -17,8 +17,8 @@ jQuery.migrateWarnings = []; // jQuery.migrateMute = false; // Show a message on the console so devs know we're active -if ( !jQuery.migrateMute && window.console && console.log ) { - console.log("JQMIGRATE: Logging is active"); +if ( !jQuery.migrateMute && window.console && window.console.log ) { + window.console.log("JQMIGRATE: Logging is active"); } // Set to false to disable traces that appear with warnings @@ -33,10 +33,11 @@ jQuery.migrateReset = function() { }; function migrateWarn( msg) { + var console = window.console; if ( !warnedAbout[ msg ] ) { warnedAbout[ msg ] = true; jQuery.migrateWarnings.push( msg ); - if ( window.console && console.warn && !jQuery.migrateMute ) { + if ( console && console.warn && !jQuery.migrateMute ) { console.warn( "JQMIGRATE: " + msg ); if ( jQuery.migrateTrace && console.trace ) { console.trace(); @@ -189,26 +190,35 @@ jQuery.attrHooks.value = { var matched, browser, oldInit = jQuery.fn.init, oldParseJSON = jQuery.parseJSON, - // Note this does NOT include the #9521 XSS fix from 1.7! - rquickExpr = /^(?:[^<]*(<[\w\W]+>)[^>]*|#([\w\-]*))$/; + // Note: XSS check is done below after string is trimmed + rquickExpr = /^([^<]*)(<[\w\W]+>)([^>]*)$/; // $(html) "looks like html" rule change jQuery.fn.init = function( selector, context, rootjQuery ) { var match; if ( selector && typeof selector === "string" && !jQuery.isPlainObject( context ) && - (match = rquickExpr.exec( selector )) && match[1] ) { + (match = rquickExpr.exec( jQuery.trim( selector ) )) && match[ 0 ] ) { // This is an HTML string according to the "old" rules; is it still? if ( selector.charAt( 0 ) !== "<" ) { migrateWarn("$(html) HTML strings must start with '<' character"); } + if ( match[ 3 ] ) { + migrateWarn("$(html) HTML text after last tag is ignored"); + } + // Consistently reject any HTML-like string starting with a hash (#9521) + // Note that this may break jQuery 1.6.x code that otherwise would work. + if ( match[ 0 ].charAt( 0 ) === "#" ) { + migrateWarn("HTML string cannot start with a '#' character"); + jQuery.error("JQMIGRATE: Invalid selector string (XSS)"); + } // Now process using loose rules; let pre-1.8 play too if ( context && context.context ) { // jQuery object as context; parseHTML expects a DOM object context = context.context; } if ( jQuery.parseHTML ) { - return oldInit.call( this, jQuery.parseHTML( jQuery.trim(selector), context, true ), + return oldInit.call( this, jQuery.parseHTML( match[ 2 ], context, true ), context, rootjQuery ); } } |