
Commit 1852f48

committed
🔒️ fix CVE-2020-11022
1 parent 8365748 commit 1852f48


4 files changed

+10
-13
lines changed


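--- a/src/manipulation.js
+++ b/src/manipulation.js
@@ -25,13 +25,10 @@ define( [
 wrapMap, getAll, setGlobalEval, buildFragment, support,
 dataPriv, dataUser, acceptData ) {
 
-var
-rxhtmlTag = /<(?!area|br|col|embed|hr|img|input|link|meta|param)(([\w:-]+)[^>]*)\/>/gi,
-
 // Support: IE 10-11, Edge 10240+
 // In IE/Edge using regex groups here causes severe slowdowns.
 // See https://connect.microsoft.com/IE/feedback/details/1736512/
-rnoInnerhtml = /<script|<style|<link/i,
+var rnoInnerhtml = /<script|<style|<link/i,
 
 // checked="checked" or checked
 rchecked = /checked\s*(?:[^=]|=\s*.checked.)/i,
@@ -226,7 +223,7 @@ function remove( elem, selector, keepData ) {
 
 jQuery.extend( {
 htmlPrefilter: function( html ) {
-return html.replace( rxhtmlTag, "<$1></$2>" );
+return html;
 },
 
 clone: function( elem, dataAndEvents, deepDataAndEvents ) {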
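Review bot: `htmlPrefilter` in the second hunk now returns its argument untouched, and nothing at the definition records why, so a later cleanup could reintroduce a rewrite; put a comment above `return html;` such as `// Security: leave markup as-is; rewriting self-closing tags here changed how already-sanitized HTML was parsed.` This is also a behaviour change for callers: a string like `<div/><div/>` is now parsed by the browser as nested rather than sibling elements (which is why the fixtures in this commit were rewritten), so it needs an upgrade note. The pass-through sanitizes nothing, and the `wrapMap` wrappers named in the first hunk are untouched, so it is worth confirming separately whether the `<option>` wrapping path needs its own hardening (inferred; `wrapMap` itself is not shown here). The `jQuery.extend( {` object continues past the end of the hunk.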

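--- a/test/unit/core.js
+++ b/test/unit/core.js
@@ -17,7 +17,7 @@ QUnit.test( "jQuery()", function( assert ) {
 obj = jQuery( "div" ),
 code = jQuery( "<code/>" ),
 img = jQuery( "<img/>" ),
-div = jQuery( "<div/><hr/><code/><b/>" ),
+div = jQuery( "<div></div><hr/><code></code><b/>" ),
 exec = false,
 expected = 23,
 attrObj = {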

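--- a/test/unit/css.js
+++ b/test/unit/css.js
@@ -25,7 +25,7 @@ QUnit.test( "css(String|Hash)", function( assert ) {
 assert.equal( div.css( "width" ), "4px", "Width on disconnected node." );
 assert.equal( div.css( "height" ), "4px", "Height on disconnected node." );
 
-div2 = jQuery( "<div style='display:none;'><input type='text' style='height:20px;'/><textarea style='height:20px;'/><div style='height:20px;'></div></div>" ).appendTo( "body" );
+div2 = jQuery( "<div style='display:none;'><input type='text' style='height:20px;'/><textarea style='height:20px;'></textarea><div style='height:20px;'></div></div>" ).appendTo( "body" );
 
 assert.equal( div2.find( "input" ).css( "height" ), "20px", "Height on hidden input." );
 assert.equal( div2.find( "textarea" ).css( "height" ), "20px", "Height on hidden textarea." );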

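--- a/test/unit/manipulation.js
+++ b/test/unit/manipulation.js
@@ -1285,7 +1285,7 @@ QUnit.test( "Empty replaceWith (trac-13401; trac-13596; gh-2204)", function( ass
 
 assert.expect( 25 );
 
-var $el = jQuery( "<div/><div/>" ).html( "<p>0</p>" ),
+var $el = jQuery( "<div></div><div></div>" ).html( "<p>0</p>" ),
 expectedHTML = $el.html(),
 tests = {
 "empty string": "",
@@ -1631,7 +1631,7 @@ function testHtml( valueObj, assert ) {
 div = jQuery( "<div></div>" ),
 fixture = jQuery( "#qunit-fixture" );
 
-div.html( valueObj( "<div id='parent_1'><div id='child_1'/></div><div id='parent_2'/>" ) );
+div.html( valueObj( "<div id='parent_1'><div id='child_1'></div></div><div id='parent_2'></div>" ) );
 assert.equal( div.children().length, 2, "Found children" );
 assert.equal( div.children().children().length, 1, "Found grandchild" );
 
@@ -2415,7 +2415,7 @@ QUnit.test( "jQuery._evalUrl (#12838)", function( assert ) {
 assert.equal( ( input.url || input ).slice( -1 ), expectedArgument, message );
 expectedArgument++;
 };
-jQuery( "#qunit-fixture" ).append( "<script src='1'/><script src='2'/>" );
+jQuery( "#qunit-fixture" ).append( "<script src='1'></script><script src='2'></script>" );
 assert.equal( expectedArgument, 3, "synchronous execution" );
 
 message = "custom implementation";
@@ -2424,7 +2424,7 @@ QUnit.test( "jQuery._evalUrl (#12838)", function( assert ) {
 jQuery.ajax = function( options ) {
 assert.strictEqual( options, {}, "Unexpected call to jQuery.ajax" );
 };
-jQuery( "#qunit-fixture" ).append( "<script src='3'/><script src='4'/>" );
+jQuery( "#qunit-fixture" ).append( "<script src='3'></script><script src='4'></script>" );
 
 jQuery.ajax = ajax;
 jQuery._evalUrl = evalUrl;
@@ -2454,7 +2454,7 @@ QUnit.test( "jQuery.htmlPrefilter (gh-1747)", function( assert ) {
 expectedArgument = "A-" + poison + "B-" + poison + poison + "C-";
 fixture.html( expectedArgument );
 
-expectedArgument = "D-" + poison + "E-" + "<del/><div>" + poison + poison + "</div>" + "F-";
+expectedArgument = "D-" + poison + "E-" + "<del></del><div>" + poison + poison + "</div>" + "F-";
 fixture.append( expectedArgument );
 
 expectedArgument = poison;
@@ -2509,7 +2509,7 @@ QUnit.test( "Index for function argument should be received (#13094)", function(
 
 var i = 0;
 
-jQuery( "<div/><div/>" ).before( function( index ) {
+jQuery( "<div></div><div></div>" ).before( function( index ) {
 assert.equal( index, i++, "Index should be correct" );
 } );
 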
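Review bot: Nothing in this file pins the new pass-through behaviour; all six hunks only rewrite fixtures so they no longer depend on self-closing tags being expanded, including the `<del/>` change in the `jQuery.htmlPrefilter (gh-1747)` test. Add an assertion such as `assert.strictEqual( jQuery.htmlPrefilter( "<div/>" ), "<div/>", "self-closing tags are not rewritten" );` so that restoring the regex fails the suite. It probably belongs in its own test and needs a matching `assert.expect` count, since the existing test bodies start and end outside the hunks and may replace the prefilter.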
