Bug Tracker

#8539 closed bug (fixed)

Opened March 16, 2011 06:11AM UTC

Closed October 13, 2011 03:12PM UTC

Sizzle cache collision in browsers without querySelectorAll

Reported by: jryans
Owned by: timmywil
Priority: high
Milestone: 1.7
Component: selector
Version: 1.5.1
Keywords: 1.7-discuss
Cc:
Blocked by:
Blocking:

Description

In browsers without querySelectorAll (IE 6, IE 7, FF 3.0), Sizzle marks the elements it encounters as seen for a particular selection run. The value used as a marker is an integer that comes from an internal counter which is incremented before each new selection, and these markers are left on the elements after selection completes.

This causes trouble when there are two copies of Sizzle on the page. Running a selection in Sizzle copy A sets the marker on a set of elements to 0. If you then run a selection in Sizzle copy B that passes through the same elements, Sizzle will assume it is safe to use a cached value at that point, since the stored marker of 0 matches copy B's marker for this run. This gives unexpected selection results.

See http://jsfiddle.net/uz4dt/6/ for a test case. The second test fails for browsers without querySelectorAll.

Attachments (0)
Change History (18)

Changed March 16, 2011 06:20AM UTC by jryans comment:1

Changed March 30, 2011 05:31PM UTC by rwaldron comment:2

Changed March 30, 2011 05:49PM UTC by rwaldron comment:3

owner: → john
priority: undecided → blocker
status: new → assigned

Changed March 30, 2011 07:32PM UTC by john comment:4

component: unfiled → selector

Changed May 22, 2011 07:27PM UTC by john comment:5

keywords: → 1.7-discuss

Nominating ticket for 1.7 discussion.

Changed May 22, 2011 09:29PM UTC by rwaldron comment:6

+1, Seems like a bug, should be fixed

Changed May 23, 2011 12:35AM UTC by jaubourg comment:7

+1, Sizzle should have a means to specify which counter field name to use, right?

Changed May 23, 2011 04:22AM UTC by timmywil comment:8

+1,

Changed May 24, 2011 09:20PM UTC by dmethvin comment:9

+1, although it would be preferable to ban IE6/7 from the planet.

Changed June 03, 2011 01:50PM UTC by john comment:10

+1, Not 100% keen on the currently proposed solution but yeah, seems like we can do something here.

Changed June 03, 2011 03:52PM UTC by scottgonzalez comment:11

+1

Changed June 04, 2011 10:17PM UTC by addyosmani comment:12

+1

Changed June 05, 2011 09:23PM UTC by ajpiano comment:13

+1

Changed July 12, 2011 02:47PM UTC by dmethvin comment:14

milestone: 1.next → 1.7

Changed September 26, 2011 04:30PM UTC by timmywil comment:15

owner: john → timmywil
priority: blocker → high

Changed October 12, 2011 02:32PM UTC by timmywil comment:16

http://jsfiddle.net/timmywil/uz4dt/16/show/

The property on the element is just elem.sizcache. I'm thinking that should be like jQuery's expando, e.g. sizzle340987234098230. Then done can stay a regular counter and we avoid collisions.

Changed October 12, 2011 03:20PM UTC by timmywil comment:17

oh, that's still linking to my local jquery. That can be changed to another jquery location if you'd like to see it working.

Changed October 13, 2011 03:12PM UTC by timmywil comment:18

resolution: → fixed
status: assigned → closed

Update sizzle; Add sizzle cache collision iframe test. Fixes #8539.

Changeset: 8723f3b9e1db5d4fdcd50624441fe3536d1ae2f2
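
A simplified model of the collision reported in this ticket and of the per-copy property name suggested in comment 16, added here as an example; it is not Sizzle's source and not code from anyone in the thread. `createEngine`, `closestAncestor`, `runTwoCopies`, `uniqueProps` and the plain-object nodes are hypothetical names constructed for illustration.

```javascript
// Model of the marker cache in this ticket; nodes are plain objects (no DOM needed).
function node(nodeName, parentNode) {
  return { nodeName, parentNode: parentNode || null };
}

// One call = one copy of the engine on the page; cacheProp / setProp are
// the property names that copy writes onto elements.
function createEngine(cacheProp, setProp) {
  let done = 0; // per-copy run counter, starts at 0 in every copy
  return function closestAncestor(checkSet, tag) {
    const runId = done++;
    const result = [];
    checkSet.forEach((start, i) => {
      let match = false;
      for (let el = start.parentNode; el; el = el.parentNode) {
        if (el[cacheProp] === runId) {
          match = result[el[setProp]]; // marker matches: reuse earlier answer
          break;
        }
        el[cacheProp] = runId; // marker stays on the element after the run
        el[setProp] = i;
        if (el.nodeName === tag) { match = el; break; }
      }
      result[i] = match;
    });
    return result.map((m) => (m ? m.nodeName : false));
  };
}

// Constructed scenario: copy A queries first, then copy B walks the same <div>.
function runTwoCopies(propsA, propsB) {
  const body = node("body");
  const div = node("div", body), p = node("p", body);
  const span = node("span", div), em = node("em", p);
  const copyA = createEngine(...propsA);
  const copyB = createEngine(...propsB);
  copyA([span], "div");            // leaves marker 0 on <div>
  return copyB([em, span], "div"); // correct answer: [false, "div"]
}

// Unique per-copy property names, in the spirit of comment 16 (illustrative).
function uniqueProps() {
  const id = String(Math.random()).replace(/\D/g, "");
  return ["sizcache" + id, "sizset" + id];
}

const shared = runTwoCopies(["sizcache", "sizset"], ["sizcache", "sizset"]);
const unique = runTwoCopies(uniqueProps(), uniqueProps());
console.log({ shared, unique });
```

With the shared property name, copy B reads copy A's stale marker on the `<div>` and reports no match for the `<span>`; with per-copy names the stale marker is never consulted.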