🔒️ fix CVE-2020-11022

jquery-lts · ctcpip · Feb 12, 2014 · Dec 20, 2023 · Dec 20, 2023 · Dec 21, 2023
commit ae1140f76fbfdfb018f6fc60fece91af89a1adb1
diff --git a/src/core.js b/src/core.js
@@ -953,13 +953,6 @@ jQuery.extend({
 
 			// Convert html string into DOM nodes
 			if ( typeof elem == "string" ) {
-				// Fix "XHTML"-style tags in all browsers
-				elem = elem.replace(/(<(\w+)[^>]*?)\/>/g, function(all, front, tag){
-					return tag.match(/^(abbr|br|col|img|input|link|meta|param|hr|area|embed)$/i) ?
-						all :
-						front + "></" + tag + ">";
-				});
-
 				// Trim whitespace, otherwise indexOf won't work as expected
 				var tags = jQuery.trim( elem ).toLowerCase(), div = context.createElement("div");
 

diff --git a/test/unit/core.js b/test/unit/core.js
@@ -39,7 +39,7 @@ test("$()", function() {
 	equals( code.length, 1, "Correct number of elements generated for code" );
 	var img = $("<img/>");
 	equals( img.length, 1, "Correct number of elements generated for img" );
-	var div = $("<div/><hr/><code/><b/>");
+	var div = $("<div></div><hr><code></code><b></b>");
 	equals( div.length, 4, "Correct number of elements generated for div hr code b" );
 
 	// can actually yield more than one, when iframes are included, the window is an array as well