Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commit924b515

Browse files
authored
Manipulation: Don't remove HTML comments from scripts
When evaluating scripts, jQuery strips out the possible wrapping HTML commentand a CDATA section. However, all supported browsers are already doing thatwhen loading JS via appending a script tag to the DOM which is how we've beendoing `jQuery.globalEval` since jQuery 3.0.0. jQuery logic was imperfect, e.g.it just stripped the `<!--` and `-->` markers, respectively at the beginning orthe end of the script contents. However, browsers are also stripping everythingfollowing those markers in the same line, treating them as single-line commentsdelimiters; this is now also mandated by ECMAScript 2015 in Annex B. Insteadof fixing the jQuery logic, just let the browser do its thing.We still need to strip CDATA sections for backwards compatibility. Thisshouldn't be needed as in XML documents they're already not visible wheninspecting element contents and in HTML documents they have no meaning butwe're preserving that logic for backwards compatibility. This will be removedcompletely in 4.0.Fixesgh-4904Closesgh-4905Refgh-4906
1 parentf12cac6 commit924b515

File tree

2 files changed

+20
-2
lines changed

2 files changed

+20
-2
lines changed

‎src/manipulation.js

Lines changed: 8 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -40,7 +40,8 @@ var
4040

4141
// checked="checked" or checked
4242
rchecked=/checked\s*(?:[^=]|=\s*.checked.)/i,
43-
rcleanScript=/^\s*<!(?:\[CDATA\[|--)|(?:\]\]|--)>\s*$/g;
43+
44+
rcleanScript=/^\s*<!\[CDATA\[|\]\]>\s*$/g;
4445

4546
// Prefer a tbody over its parent table for containing new rows
4647
functionmanipulationTarget(elem,content){
@@ -195,6 +196,12 @@ function domManip( collection, args, callback, ignored ) {
195196
},doc);
196197
}
197198
}else{
199+
200+
// Unwrap a CDATA section containing script contents. This shouldn't be
201+
// needed as in XML documents they're already not visible when
202+
// inspecting element contents and in HTML documents they have no
203+
// meaning but we're preserving that logic for backwards compatibility.
204+
// This will be removed completely in 4.0. See gh-4904.
198205
DOMEval(node.textContent.replace(rcleanScript,""),node,doc);
199206
}
200207
}

‎test/unit/manipulation.js

Lines changed: 12 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -2268,7 +2268,7 @@ QUnit.test( "domManip plain-text caching (trac-6779)", function( assert ) {
22682268

22692269
QUnit.test("domManip executes scripts containing html comments or CDATA (trac-9221)",function(assert){
22702270

2271-
assert.expect(3);
2271+
assert.expect(4);
22722272

22732273
jQuery([
22742274
"<script type='text/javascript'>",
@@ -2293,6 +2293,17 @@ QUnit.test( "domManip executes scripts containing html comments or CDATA (trac-9
22932293
"//--><!]]>",
22942294
"</script>"
22952295
].join("\n")).appendTo("#qunit-fixture");
2296+
2297+
// ES2015 in Annex B requires HTML-style comment delimiters (`<!--` & `-->`) to act as
2298+
// single-line comment delimiters; i.e. they should be treated as `//`.
2299+
// See gh-4904
2300+
jQuery([
2301+
"<script type='text/javascript'>",
2302+
"<!-- Same-line HTML comment",
2303+
"QUnit.assert.ok( true, '<!-- Same-line HTML comment' );",
2304+
"-->",
2305+
"</script>"
2306+
].join("\n")).appendTo("#qunit-fixture");
22962307
});
22972308

22982309
testIframe(

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp