Ticket #11290 (open bug)

Opened 3 months ago

Last modified 3 months ago

selector interpreted as HTML

Reported by: gibson042
Owned by:
Priority: blocker
Milestone: 1.8
Component: core
Version: 1.7.1
Keywords:
Cc:
Blocking:
Blocked by:

Description

#9521 and #6429 and probably others identify specific instances of a general problem: jQuery( strInput ) cannot reliably differentiate selectors from HTML.

http://jsfiddle.net/C8dgG/

Looking for "<" past the first character creates vulnerabilities and confusing behavior on complex input.

quickExpr should be abandoned in favor of a simpler "parse as HTML if and only if there is a leading less-than" rule, with intentional parsing handled by the jQuery( "<div/>" ).html( strHtml ).contents() pattern.
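The two interpretation rules the ticket contrasts, written out as an added example (this is not jQuery's code; the "loose" regex is modelled on the behaviour the ticket describes, not copied from the library, and the sample inputs are constructed):

```javascript
// Rule A (assumed shape of the 1.7-era quickExpr behaviour): treat the string
// as HTML when a "<...>" run appears anywhere after a prefix containing no
// "#" or "<". This is the "looking for '<' past the first character" rule.
const LOOSE_HTML = /^[^#<]*(<[\w\W]+>)[^>]*$/;

function classifyLoose(str) {
  return LOOSE_HTML.test(str) ? "html" : "selector";
}

// Rule B (the ticket's proposal): parse as HTML if and only if the first
// non-whitespace character is "<"; every other string is a selector.
function classifyStrict(str) {
  return /^\s*</.test(str) ? "html" : "selector";
}

// Constructed inputs: plausible selectors and fragments, not payloads.
const SAMPLES = [
  "<p>hello</p>",        // unambiguous HTML fragment
  "#main",               // unambiguous id selector
  "a[title='x<b>y']",    // attribute selector whose value looks tag-like
  "div.intro<span>",     // selector followed by a tag-like suffix
];

// Classify every sample under both rules so the difference is visible.
function compare(samples = SAMPLES) {
  return samples.map((s) => ({
    input: s,
    loose: classifyLoose(s),
    strict: classifyStrict(s),
  }));
}

// The inputs on which the rules disagree are the "confusing behavior on
// complex input" cases: Rule A silently switches them from selector to HTML,
// while Rule B keeps the decision on the first character only.
function disagreements(samples = SAMPLES) {
  return compare(samples)
    .filter((r) => r.loose !== r.strict)
    .map((r) => r.input);
}

console.table(compare());
```

Under the strict rule, code that really wants to parse markup says so explicitly, which is what the `jQuery("<div/>").html(strHtml).contents()` pattern in the ticket achieves.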

Change History

comment:1 Changed 3 months ago by gibson042

Also (for reference), CSS lexical tokenization:

string	{string1}|{string2}
string1	\"([^\n\r\f\\"]|\\{nl}|{escape})*\"
string2	\'([^\n\r\f\\']|\\{nl}|{escape})*\'
escape	{unicode}|\\[^\n\r\f0-9a-f]
unicode	\\[0-9a-f]{1,6}(\r\n|[ \n\r\t\f])?

comment:2 Changed 3 months ago by dmethvin

  • Priority changed from undecided to blocker
  • Status changed from new to open
  • Component changed from unfiled to core
  • Milestone changed from None to 1.8

Please follow the bug reporting guidelines and use jsFiddle when providing test cases and demonstrations instead of pasting the code in the ticket.
