Bug Tracker

Opened 6 years ago

Closed 6 years ago

Last modified 6 years ago

#10304 closed bug (wontfix)

"jQuery[0-9]*=*" being stripped on .html() call.

Reported by: Krinkle Owned by: Krinkle
Priority: low Milestone: 1.7
Component: core Version: 1.6.4rc1
Keywords: Cc:
Blocked by: Blocking:

Description (last modified by Rick Waldron)

jQuery strips that. Although it makes sense in a way, right now it's stripping them from just plain text, which is wrong. It should only remove them in places where they are actual attributes (ie. within < and >).

Example: $('<div>Lorem ipsum do foo and see <code> jQuery164040582746267318726="1"</code> foo bar</div>').html()

Reproduction: http://jsfiddle.net/yHCrw/

Change History (7)

comment:1 Changed 6 years ago by Rick Waldron

Description: modified (diff)
Owner: set to Krinkle
Status: newpending

what reason does your code have to need "jQuery" prefixed pseudo-guid string?

comment:2 Changed 6 years ago by Krinkle

Status: pendingnew

The blog where I encountered this bug had a blogpost about the jQuery guid.

Right now it's not removing certain ones in particular but any occurrence anywhere in the innerHTML, not limited to where (ie. between <tag and >) nor limited to which numbers (depending on how jQuery calculates these numbers it may be very possible to limit it to only match guids higher than the one it started with).

Actually, I don't think it's needed to check the number it self, Just making it only match between <tag and ` will fix most if not all cases (since then it's an actual attribute for which it is fair to assume that it was added by jQuery).

But right now it's not checking for the attribute, it's checking for the string itself.

comment:3 Changed 6 years ago by Rick Waldron

So basically, someone drilled a hole in a bucket, then called the bucket company to report faulty buckets? Or like, reporting faulty retina scan hardware... because a gouged out eye is still scannable.

comment:4 Changed 6 years ago by Rick Waldron

Description: modified (diff)

comment:5 Changed 6 years ago by Rick Waldron

Status: newpending

comment:6 Changed 6 years ago by Rick Waldron

Component: unfiledcore
Milestone: None1.7
Priority: undecidedlow
Resolution: wontfix
Status: pendingclosed

comment:7 Changed 6 years ago by Krinkle

If the use case were an element with an attribute that looks like jQuery[0-9] then I'd say, sure. That's invalid, wontfix since it's supposed to happen and people shouldn't use such attributes.

However that's not the case here, I'm talking about a mention of jQuery[0-9] in clear text of the elements contents (NOT the attributes). Like this bug ticket for example mentioning jQuery012="foo" here and calling .html() on this paragraph element would strip that, this a genuine bug in my opinion as jQuery has no interest in stripping those, it's only intending to strip the attributes that it added.

Note: See TracTickets for help on using tickets.