Skip to main content

Bug Tracker

Side navigation

#6842 closed bug (fixed)

Opened July 28, 2010 05:25PM UTC

Closed December 27, 2010 04:14AM UTC

Last modified March 13, 2012 09:27PM UTC

Expando Collision Possible With noConflict()

Reported by: SlexAxton Owned by: SlexAxton
Priority: high Milestone: 1.5
Component: data Version: 1.4.3
Keywords: expando, collision, noconflict, needsreview Cc:
Blocked by: Blocking:
Description

If a page has two copies of jQuery, the jQuery expando property can still collide between these two copies even if noConflict is called. This has always been the case, but it hasn't really been feasible until some of the new V8 builds.

The expando is based off of the current millisecond:

var expando = "jQuery" + now()

This reference is available on the jQuery object, but private references exist, so it's not entirely patchable at this point, from the outside.

This would presumably be bad anywhere that unique expandos are necessary.

Test Case Here: http://jsbin.com/ifone

Proof that it's getting too close to ignore: http://slexaxton.com/pix/afe1.png

Attachments (0)
Change History (11)

Changed July 28, 2010 07:37PM UTC by john comment:1

Any suggestions as to an alternative? The random number generator may get us part of the way there - but I don't like having a continued random chance of a collision happening.

It might also be worthwhile to change the 'jQuery' bit to something like 'jq' + jQuery.fn.jquery to help differentiate between versions of jQuery.

Changed August 13, 2010 12:31AM UTC by SlexAxton comment:2

Replying to [comment:1 john]:

Any suggestions as to an alternative? The random number generator may get us part of the way there - but I don't like having a continued random chance of a collision happening. It might also be worthwhile to change the 'jQuery' bit to something like 'jq' + jQuery.fn.jquery to help differentiate between versions of jQuery.

This really only matters during the use of noConflict (otherwise a lot more than this can conflict...), so perhaps changing up noConflict a bit to accept a custom expando prefix.

var my$ = jQuery.noConflict(true, 'mycoolprefix');

valid option?

Changed September 01, 2010 08:32PM UTC by cowboy comment:3

You could do something like this, instead of var expando = "jQuery" + now():

var jq = window.jQuery || window.$,
  expando = "jQuery" + (
    ( jq && jq.expando && +jq.expando.replace( /\\D/g, "" ) || 0 ) + 1
  );

Changed September 01, 2010 09:52PM UTC by SlexAxton comment:4

I'd love for the solution to not be susceptible to collisions, even though they are even more rare than this one.

The problem with your solution, Ben, is that if someone has done noConflict(true), then a conflict is still possible. That's pretty rare, but I have run into it.

Changed September 30, 2010 09:24PM UTC by SlexAxton comment:5

I have submitted a patch for this on github: http://github.com/jquery/jquery/pull/29

Changed October 20, 2010 11:14PM UTC by snover comment:6

milestone: 1.4.31.5
priority: → high
status: newopen
version: 1.4.21.4.3

Changed November 19, 2010 07:32PM UTC by addyosmani comment:7

keywords: expando, collision, noconflictexpando, collision, noconflict, needsreview

Changed November 19, 2010 07:36PM UTC by SlexAxton comment:8

The most recent pull request after github discussion is here:

https://github.com/jquery/jquery/pull/50

Changed November 19, 2010 07:37PM UTC by SlexAxton comment:9

owner: → SlexAxton
status: openassigned

Changed December 27, 2010 04:14AM UTC by Alex Sexton comment:10

resolution: → fixed
status: assignedclosed

Changed the expando string to use a random number instead of the time, so collisions become less likely. Also added jQuery version to instantly differentiate separate versions of jQuery (a common use case for noConflict, etc, when two jQuery instances are on the page). Fixes #6842.

Changeset: faabb2c31883deabaddd5642eb5e708b5802f2b0

Changed December 28, 2010 01:31AM UTC by Alex Sexton comment:11

Changed the expando string to use a random number instead of the time, so collisions become less likely. Also added jQuery version to instantly differentiate separate versions of jQuery (a common use case for noConflict, etc, when two jQuery instances are on the page). Fixes #6842.

Changeset: faabb2c31883deabaddd5642eb5e708b5802f2b0