Skip to main content

Bug Tracker

Side navigation

#3778 closed bug (fixed)

Opened January 04, 2009 03:03PM UTC

Closed June 19, 2012 06:04AM UTC

selector matching issues

Reported by: balazs.endresz Owned by: john
Priority: low Milestone: 1.8
Component: selector Version: 1.4.4
Keywords: Cc:
Blocked by: Blocking:
Description

The patch that prevents selectors to match inside square brackets causes some other problems:

  • If the value contains a dot and an opening bracket then the class selector regex will match the string after the dot:

input[name=".types["]

  • Also it won't match .foo in this expression:

.foo #bar\\]

Attachments (0)
Change History (12)

Changed January 04, 2009 06:48PM UTC by balazs.endre comment:1

Possible solution to the latter:

/(?![^\\\\\\[]*\\])(?![^\\\\\\(]*\\))/

But this way the class regex (and the others) will wrongly match if a backslash is present after a dot inside an attribute selector:

´[foo=.ba\\r]´

(besides the opening brackets, as in the first issue)

Changed January 09, 2009 06:31PM UTC by balazs.endresz comment:2

I've been thinking about the first issue and came up with a simple solution to detect if there's still an erroneous match inside an attribute selector. It doesn't impact speed - maybe only in these edge cases a bit - but the only problem is that it should be in the Sizzle.filter function, which isn't really the place where this should ideally happen. Here's a standalone code that demonstrates the logic:

var classregex = /\\.((?:[\\w\\u0128-\\uFFFF_-]|\\\\.)+)(?![^\\\\\\[]*\\])(?![^\\\\\\(]*\\))/;
var attrregex = /\\[((?:[\\w\\u0128-\\uFFFF_-]|\\\\.)+)\\s*(?:(\\S?=)\\s*(['"]*)(.*?)\\3|)\\]/;
var expr = 'input[name=".types["]' //original example
var expr = "input[name='.types\\\\.asdf']";
 //this would match ".types" too beacause of the fix for  in the previous comment
var match = classregex(expr);

//
// and in Sizzle.filter the following would go after 
// 
//

var nextpos=match && match.index + match[0].length;
if( nextpos && expr.charAt( nextpos ).match(/[\\[\\(\\\\]/) ){
  var isattr=attrregex(expr);
  if( isattr && ( (isattr.index + isattr[0].length) > nextpos ) )
    console.log("false positive"); // continue;
}

Changed January 19, 2009 06:56PM UTC by balazs.endresz comment:3

It's getting even more interesting :)

I tried to apply the above but the chunker splits this selector into two:

input[name=".types["]

becomes

input and name=".types["]

Now looking at the chunker this part: [^ >+~,(\\[]+ is interesting -- why does it have to split the selector by the openening braces? Removing (\\[ seems to solve this but I guess they have some purpose...

Btw, looks like people are already running into this bug: http://groups.google.com/group/jquery-en/browse_thread/thread/eefe67dca10c8163

Changed January 20, 2009 07:44PM UTC by john comment:4

milestone: 1.31.3.1
version: 1.2.61.3

I moved the discussion of input[name^="types["] style selectors to bug #3928.

Changed February 07, 2009 02:49PM UTC by dmethvin comment:5

resolution: → fixed
status: newclosed

Per John in #3928, fixed in SVN rev [6143].

Changed February 07, 2009 03:00PM UTC by balazs.endresz comment:6

resolution: fixed
status: closedreopened

I reopen this because #3928 was just a related problem. The original issue comes up when there's an opening bracket and a dot too in the attribute filter beacause that causes the class filter to match inside it (and the same goes for colons and pseudos).

Changed August 25, 2009 06:39PM UTC by ekauffma comment:7

I am still seeing this issue in 1.3.2.

It appears that as long as a left bracket occurs after a dot (even if it is not the first character in the string) the element will not be properly selected. For example:

div[name='a.b[c'] will fail to select

whereas:

div[name='a.b]c'] works fine...

Changed November 22, 2010 05:34AM UTC by snover comment:8

milestone: 1.3.11.5
priority: majorblocker
status: reopenedopen
version: 1.31.4.4

Confirmed. test case

Changed January 17, 2011 09:20PM UTC by john comment:9

milestone: 1.51.next
priority: blockerlow

Will check this out later, post-1.5.

Changed July 11, 2011 06:03PM UTC by dmethvin comment:10

Confirmed in bug triage, but low priority.

Changed July 11, 2011 08:12PM UTC by dmethvin comment:11

#5482 is a duplicate of this ticket.

Changed June 19, 2012 06:04AM UTC by timmywil comment:12

milestone: 1.next1.8
resolution: → fixed
status: openclosed

valid if escaped: http://jsfiddle.net/yjCW7/1/