I recently upgraded from jQuery 1.2.6 to jQuery 1.3 and one of my plugins broke the site. Looking into it further, it turns out to be an issue with a selector expression it used, meaning the bug lies within jQuery (or Sizzle).

The bug causes an infinite loop when executing a specific selector expression. Here's how to reproduce it.

Take the following HTML:

<div class="ELEM-CLASS">

<div class="SUBELEM-CLASS1">CLASS1</div>

</div>

And execute this javascript:

jQuery('*:not(.ELEM-CLASS) .SUBELEM-CLASS1');

And an infinite loop should occur. I've debugged this quite a bit, but I have no experience with jQuery's internals, especially Sizzle, so I got a bit lost. Here's what I found so far though.

The infinite loop occurs in selector.js on line 376 with the following statement (arrow points to the line):

TAG: function(match, curLoop){

for ( var i = 0; !curLoop[i]; i++ ){} <-----

return isXML(curLoop[i]) ? match[1] : match[1].toUpperCase();

},

If you remove the nested div with the class SUBELEM-CLASS1, it runs fine. This works in 1.2.6, but obviously the whole selector engine has been rewritten in 1.3. I wish I could give better debugging info, but I could only go so far in the selector source without spending an inordinate amount of time.