Ticket #10304 (closed bug: wontfix)
"jQuery[0-9]*=*" being stripped on .html() call.
| Reported by: | Krinkle | Owned by: | Krinkle |
|---|---|---|---|
| Priority: | low | Milestone: | 1.7 |
| Component: | core | Version: | 1.6.4rc1 |
| Keywords: | Cc: | ||
| Blocking: | Blocked by: |
Description (last modified by rwaldron) (diff)
jQuery strips that. Although it makes sense in a way, right now it's stripping them from just plain text, which is wrong. It should only remove them in places where they are actual attributes (ie. within < and >).
Example: $('<div>Lorem ipsum do foo and see <code> jQuery164040582746267318726="1"</code> foo bar</div>').html()
Reproduction: http://jsfiddle.net/yHCrw/
Change History
comment:1 Changed 20 months ago by rwaldron
- Owner set to Krinkle
- Status changed from new to pending
- Description modified (diff)
comment:2 Changed 20 months ago by Krinkle
- Status changed from pending to new
The blog where I encountered this bug had a blogpost about the jQuery guid.
Right now it's not removing certain ones in particular but any occurrence anywhere in the innerHTML, not limited to where (ie. between <tag and >) nor limited to which numbers (depending on how jQuery calculates these numbers it may be very possible to limit it to only match guids higher than the one it started with).
Actually, I don't think it's needed to check the number it self, Just making it only match between <tag and ` will fix most if not all cases (since then it's an actual attribute for which it is fair to assume that it was added by jQuery).
But right now it's not checking for the attribute, it's checking for the string itself.
comment:3 Changed 20 months ago by rwaldron
So basically, someone drilled a hole in a bucket, then called the bucket company to report faulty buckets? Or like, reporting faulty retina scan hardware... because a gouged out eye is still scannable.
comment:6 Changed 20 months ago by rwaldron
- Priority changed from undecided to low
- Resolution set to wontfix
- Status changed from pending to closed
- Component changed from unfiled to core
- Milestone changed from None to 1.7
comment:7 Changed 20 months ago by Krinkle
If the use case were an element with an attribute that looks like jQuery[0-9] then I'd say, sure. That's invalid, wontfix since it's supposed to happen and people shouldn't use such attributes.
However that's not the case here, I'm talking about a mention of jQuery[0-9] in clear text of the elements contents (NOT the attributes). Like this bug ticket for example mentioning jQuery012="foo" here and calling .html() on this paragraph element would strip that, this a genuine bug in my opinion as jQuery has no interest in stripping those, it's only intending to strip the attributes that it added.
Please follow the bug reporting guidlines and use jsFiddle when providing test cases and demonstrations instead of pasting the code in the ticket.
what reason does your code have to need "jQuery" prefixed pseudo-guid string?