Ticket #3905 (closed bug: duplicate)
Infinite loop with selector expression "*:not(.ELEM-CLASS) .SUBELEM-CLASS1"
| Reported by: | jlongster | Owned by: | john |
|---|---|---|---|
| Priority: | major | Milestone: | 1.3.1 |
| Component: | selector | Version: | 1.3 |
| Keywords: | Cc: | ||
| Blocking: | Blocked by: |
Description
I recently upgraded from jQuery 1.2.6 to jQuery 1.3 and one of my plugins broke the site. Looking into it further, it turns out to be an issue with a selector expression it used, meaning the bug lies within jQuery (or Sizzle).
The bug causes an infinite loop when executing a specific selector expression. Here's how to reproduce it.
Take the following HTML:
<div class="ELEM-CLASS">
<div class="SUBELEM-CLASS1">CLASS1</div>
</div>
And execute this javascript:
jQuery('*:not(.ELEM-CLASS) .SUBELEM-CLASS1');
And an infinite loop should occur. I've debugged this quite a bit, but I have no experience with jQuery's internals, especially Sizzle, so I got a bit lost. Here's what I found so far though.
The infinite loop occurs in selector.js on line 376 with the following statement (arrow points to the line):
TAG: function(match, curLoop){
for ( var i = 0; !curLoop[i]; i++ ){} <----- return isXML(curLoop[i]) ? match[1] : match[1].toUpperCase();
},
If you remove the nested div with the class SUBELEM-CLASS1, it runs fine. This works in 1.2.6, but obviously the whole selector engine has been rewritten in 1.3. I wish I could give better debugging info, but I could only go so far in the selector source without spending an inordinate amount of time.
Change History
Please follow the bug reporting guidlines and use jsFiddle when providing test cases and demonstrations instead of pasting the code in the ticket.
This is a duplicate of #3837.