From 8a777c0044371706984cfec937eaa0cba6ec9d0b Mon Sep 17 00:00:00 2001 From: ctcpip Date: Thu, 15 Feb 2024 17:21:27 -0600 Subject: [PATCH] =?UTF-8?q?=E2=9C=A8=20jQuery=20v1.4.5-sec?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- README.md | 29 ++- security/README.md | 57 ++++- security/site/vendor/jquery-1.4.5-sec.js | 271 +++++++++++------------ security/test/test.mjs | 1 + 4 files changed, 200 insertions(+), 158 deletions(-) mode change 100644 => 100755 security/site/vendor/jquery-1.4.5-sec.js diff --git a/README.md b/README.md index 75112df89c..c7ce18c28f 100644 --- a/README.md +++ b/README.md @@ -32,20 +32,20 @@ In some cases, it may be unavoidable that a security fix involves a breaking cha In a perfect world, at least every MAJOR EOL jQuery release line would have a security-patched release. "Major" refers to the meaning of the term in [SemVer](https://semver.org/), thus releases that have breaking changes. The goal is to provide a patched version of jQuery for all major release lines to provide a path of least resistance for all downstream users to upgrade to a secure version jQuery with [no (or minimal) breaking changes](#but-what-about-breaking-changes). -| jQuery version | jQuery-sec version | Branch | PR | Release | CVEs Patched | -| -------------- | ------------------ | ----------- | -------------- | ------- | ------------------------------------------------------------------------------------------------------------------------------------ | -| `1.2.6` | `1.2.7-sec` | [1.2.7-sec] | [PR][1.2.7-pr] | | [CVE-2011-4969] \| [CVE-2012-6708] \| CVE-2015-9251* \| [CVE-2019-11358] \| [CVE-2020-7656] \| [CVE-2020-11022] \| [CVE-2020-11023] | -| `1.3.2` | `1.3.3-sec` | [1.3.3-sec] | [PR][1.3.3-pr] | | [CVE-2011-4969] \| [CVE-2012-6708] \| CVE-2015-9251* \| [CVE-2019-11358] \| [CVE-2020-7656] \| [CVE-2020-11022] \| [CVE-2020-11023] | -| `1.4.4` | `1.4.5-sec` | | | | [CVE-2011-4969] \| [CVE-2012-6708] \| [CVE-2015-9251] \| [CVE-2019-11358] \| [CVE-2020-7656] \| [CVE-2020-11022] \| [CVE-2020-11023] | -| `1.5.2` | `1.5.3-sec` | | | | [CVE-2011-4969] \| [CVE-2012-6708] \| [CVE-2015-9251] \| [CVE-2019-11358] \| [CVE-2020-7656] \| [CVE-2020-11022] \| [CVE-2020-11023] | -| `1.6.4` | `1.6.5-sec` | [1.6.5-sec] | [PR][1.6.5-pr] | | [CVE-2012-6708] \| [CVE-2015-9251] \| [CVE-2019-11358] \| [CVE-2020-7656] \| [CVE-2020-11022] \| [CVE-2020-11023] | -| `1.7.2` | `1.7.3-sec` | | | | [CVE-2012-6708] \| [CVE-2015-9251] \| [CVE-2019-11358] \| [CVE-2020-7656] \| [CVE-2020-11022] \| [CVE-2020-11023] | -| `1.8.3` | `1.8.4-sec` | | | | [CVE-2012-6708] \| [CVE-2015-9251] \| [CVE-2019-11358] \| [CVE-2020-7656] \| [CVE-2020-11022] \| [CVE-2020-11023] | -| `1.12.4` | `1.12.5-sec` | | | | [CVE-2015-9251] \| [CVE-2019-11358] \| [CVE-2020-11022] \| [CVE-2020-11023] | -| `2.2.4` | `2.2.5-sec` | | | | [CVE-2015-9251] \| [CVE-2019-11358] \| [CVE-2020-11022] \| [CVE-2020-11023] \| [CVE-2020-23064] | +| jQuery version | jQuery-sec version | Branch | PR | Release | CVEs Patched | +| -------------- | ------------------ | ----------- | -------------- | ------- | ----------------------------------------------------------------------------------------------------------------------------------------------- | +| `1.2.6` | `1.2.7-sec` | [1.2.7-sec] | [PR][1.2.7-pr] | | [CVE-2011-4969] \| [CVE-2012-6708] \| CVE-2015-9251\* \| [CVE-2019-11358] \| [CVE-2020-7656] \| [CVE-2020-11022] \| [CVE-2020-11023] | +| `1.3.2` | `1.3.3-sec` | [1.3.3-sec] | [PR][1.3.3-pr] | | [CVE-2011-4969] \| [CVE-2012-6708] \| CVE-2015-9251\* \| [CVE-2019-11358] \| [CVE-2020-7656] \| [CVE-2020-11022] \| [CVE-2020-11023] | +| `1.4.4` | `1.4.5-sec` | [1.4.5-sec] | [PR][1.4.5-pr] | | [CVE-2011-4969] \| [CVE-2012-6708] \| [CVE-2015-9251] \| [CVE-2019-11358] \| [CVE-2020-7656] \| [CVE-2020-11022] \| [CVE-2020-11023] | +| `1.5.2` | `1.5.3-sec` | | | | [CVE-2011-4969] \| [CVE-2012-6708] \| [CVE-2015-9251] \| [CVE-2019-11358] \| [CVE-2020-7656] \| [CVE-2020-11022] \| [CVE-2020-11023] | +| `1.6.4` | `1.6.5-sec` | [1.6.5-sec] | [PR][1.6.5-pr] | | [CVE-2012-6708] \| [CVE-2015-9251] \| [CVE-2019-11358] \| [CVE-2020-7656] \| [CVE-2020-11022] \| [CVE-2020-11023] | +| `1.7.2` | `1.7.3-sec` | | | | [CVE-2012-6708] \| [CVE-2015-9251] \| [CVE-2019-11358] \| [CVE-2020-7656] \| [CVE-2020-11022] \| [CVE-2020-11023] | +| `1.8.3` | `1.8.4-sec` | | | | [CVE-2012-6708] \| [CVE-2015-9251] \| [CVE-2019-11358] \| [CVE-2020-7656] \| [CVE-2020-11022] \| [CVE-2020-11023] | +| `1.12.4` | `1.12.5-sec` | | | | [CVE-2015-9251] \| [CVE-2019-11358] \| [CVE-2020-11022] \| [CVE-2020-11023] | +| `2.2.4` | `2.2.5-sec` | | | | [CVE-2015-9251] \| [CVE-2019-11358] \| [CVE-2020-11022] \| [CVE-2020-11023] \| [CVE-2020-23064] | > [!IMPORTANT] -> *CVE-2015-9251 is not reproducible in `1.2.6` and `1.3.2` +> \*CVE-2015-9251 is not reproducible in `1.2.6` and `1.3.2` > [!NOTE] > The 3.x release line is currently supported by jQuery, so we have no need to provide patched versions of 3.x at this time. jQuery 3.5 introduced a breaking change, but it was necessary to fix CVE-2020-11022 and CVE-2020-11023. However, since these vulnerabilities are present in virtually all versions of jQuery, there would be no value in providing a patched version of 3.4 as it would need to include that breaking change anyway. @@ -60,13 +60,12 @@ Ultimately, our hope is that these patched versions can be approved and accepted [1.2.7-sec]: https://github.com/ctcpip/jquery-security-patches/tree/1.2.7-sec [1.2.7-pr]: https://github.com/ctcpip/jquery-security-patches/pull/2 - [1.3.3-sec]: https://github.com/ctcpip/jquery-security-patches/tree/1.3.3-sec [1.3.3-pr]: https://github.com/ctcpip/jquery-security-patches/pull/3 - +[1.4.5-sec]: https://github.com/ctcpip/jquery-security-patches/tree/1.4.5-sec +[1.4.5-pr]: https://github.com/ctcpip/jquery-security-patches/pull/4 [1.6.5-sec]: https://github.com/ctcpip/jquery-security-patches/tree/1.6.5-sec [1.6.5-pr]: https://github.com/ctcpip/jquery-security-patches/pull/1 - [CVE-2011-4969]: https://github.com/advisories/GHSA-579v-mp3v-rrw5 [CVE-2012-6708]: https://github.com/advisories/GHSA-2pqj-h3vj-pqgw [CVE-2015-9251]: https://github.com/advisories/GHSA-rmxg-73gg-4p98 diff --git a/security/README.md b/security/README.md index 8bba7f1711..15d0d0067b 100644 --- a/security/README.md +++ b/security/README.md @@ -1,3 +1,5 @@ + + # Testing (and building) jQuery > [!IMPORTANT] @@ -21,6 +23,36 @@ - Run `make test` from the root folder of the repo - Open `/tests/index.html` in your browser --> +##### 1.4.4 / 1.4.5-sec + +###### Prerequisites + +- Install php 5.6 + - For Macs, We recommend using [homebrew-php](https://github.com/shivammathur/homebrew-php) + +###### Running the tests + +- Checkout the `1.4.4` or `1.4.5-sec` branch +- From the root folder of the repo: + - `git clone git@github.com:qunitjs/qunit.git --depth=1 test/qunit` + - `cd test/qunit` + - Get the closest QUnit commit to the jQuery version/release: + - `git checkout 25e4489a5f280e8f0a22ca99ecb401338bb75308` + - `cd ../..` + - `git clone git@github.com:jquery/sizzle.git --depth=1 src/sizzle` + - `cd src/sizzle` + - `git fetch --tags` + - Get corresponding sizzle branch for this jQuery version/release: + - `git checkout 1.4.4` + - `cd ..` + - Create symlink to src in test folder: + - `ln -s ../src src` + - `cd ..` + - `make jquery` + - Run php server: + - `php -S 127.0.0.1:8000 -t test` +- Open `/tests/index.html` in your browser + ##### 1.6.4 / 1.6.5-sec ###### Prerequisites @@ -59,19 +91,34 @@ You can run the A/B tests locally in CI mode or manually in the browser ## Building - ### 1.2.6 / 1.2.7-sec - Checkout the `1.2.6` or `1.2.7-sec` branch - Run `make jquery` from the root folder of the repo - - this will output `./dist/jquery.js` + - This will output `./dist/jquery.js` - ### 1.3.2 / 1.3.3-sec - Checkout the `1.3.2` or `1.3.3-sec` branch - Run `make jquery` from the root folder of the repo - - this will output `./dist/jquery.js` + - This will output `./dist/jquery.js` + +### 1.4.4 / 1.4.5-sec + +- Checkout the `1.4.4` or `1.4.5-sec` branch +- From the root folder of the repo: + - `git clone git@github.com:qunitjs/qunit.git --depth=1 test/qunit` + - `cd test/qunit` + - Get the closest QUnit commit to the jQuery version/release: + - `git checkout 25e4489a5f280e8f0a22ca99ecb401338bb75308` + - `cd ../..` + - `git clone git@github.com:jquery/sizzle.git --depth=1 src/sizzle` + - `cd src/sizzle` + - `git fetch --tags` + - Get corresponding sizzle branch for this jQuery version/release: + - `git checkout 1.4.4` + - `cd ../..` + - Run `make jquery` + - This will output `./dist/jquery.js` - ### 1.6.4 / 1.6.5-sec diff --git a/security/site/vendor/jquery-1.4.5-sec.js b/security/site/vendor/jquery-1.4.5-sec.js old mode 100644 new mode 100755 index 33e1f12a86..06026f8e47 --- a/security/site/vendor/jquery-1.4.5-sec.js +++ b/security/site/vendor/jquery-1.4.5-sec.js @@ -1,5 +1,5 @@ /*! - * jQuery JavaScript Library v1.4.4 + * jQuery JavaScript Library v1.4.5-sec * http://jquery.com/ * * Copyright 2010, John Resig @@ -11,7 +11,7 @@ * Copyright 2010, The Dojo Foundation * Released under the MIT, BSD, and GPL Licenses. * - * Date: Thu Nov 11 19:04:53 2010 -0500 + * Date: Thu Feb 15 16:39:20 2024 -0600 */ (function( window, undefined ) { @@ -35,8 +35,9 @@ var jQuery = function( selector, context ) { rootjQuery, // A simple way to check for HTML strings or ID strings - // (both of which we optimize for) - quickExpr = /^(?:[^<]*(<[\w\W]+>)[^>]*$|#([\w\-]+)$)/, + // Prioritize #id over to avoid XSS via location.hash (#9521) + // Strict HTML recognition (#11290: must start with <) + quickExpr = /^(?:(<[\w\W]+>)[^>]*|#([\w-]*))$/, // Is it a simple selector isSimple = /^.[^:#\[\.,]*$/, @@ -75,10 +76,10 @@ var jQuery = function( selector, context ) { // For matching the engine and version of the browser browserMatch, - + // Has the ready events already been bound? readyBound = false, - + // The functions to execute on DOM ready readyList = [], @@ -92,7 +93,7 @@ var jQuery = function( selector, context ) { slice = Array.prototype.slice, trim = String.prototype.trim, indexOf = Array.prototype.indexOf, - + // [[Class]] -> type pairs class2type = {}; @@ -111,7 +112,7 @@ jQuery.fn = jQuery.prototype = { this.length = 1; return this; } - + // The body element only exists once, optimize finding it if ( selector === "body" && !context && document.body ) { this.context = document; @@ -150,9 +151,9 @@ jQuery.fn = jQuery.prototype = { ret = jQuery.buildFragment( [ match[1] ], [ doc ] ); selector = (ret.cacheable ? ret.fragment.cloneNode(true) : ret.fragment).childNodes; } - + return jQuery.merge( this, selector ); - + // HANDLE: $("#id") } else { elem = document.getElementById( match[2] ); @@ -245,7 +246,7 @@ jQuery.fn = jQuery.prototype = { if ( jQuery.isArray( elems ) ) { push.apply( ret, elems ); - + } else { jQuery.merge( ret, elems ); } @@ -271,7 +272,7 @@ jQuery.fn = jQuery.prototype = { each: function( callback, args ) { return jQuery.each( this, callback, args ); }, - + ready: function( fn ) { // Attach the listeners jQuery.bindReady(); @@ -289,7 +290,7 @@ jQuery.fn = jQuery.prototype = { return this; }, - + eq: function( i ) { return i === -1 ? this.slice( i ) : @@ -314,7 +315,7 @@ jQuery.fn = jQuery.prototype = { return callback.call( elem, i, elem ); })); }, - + end: function() { return this.prevObject || jQuery(null); }, @@ -363,8 +364,9 @@ jQuery.extend = jQuery.fn.extend = function() { src = target[ name ]; copy = options[ name ]; + // Prevent Object.prototype pollution // Prevent never-ending loop - if ( target === copy ) { + if ( name === "__proto__" || target === copy ) { continue; } @@ -403,14 +405,14 @@ jQuery.extend({ return jQuery; }, - + // Is the DOM ready to be used? Set to true once it occurs. isReady: false, // A counter to track how many items to wait for before // the ready event fires. See #6781 readyWait: 1, - + // Handle when the DOM is ready ready: function( wait ) { // A third-party is pushing the ready event forwards @@ -454,7 +456,7 @@ jQuery.extend({ } } }, - + bindReady: function() { if ( readyBound ) { return; @@ -473,7 +475,7 @@ jQuery.extend({ if ( document.addEventListener ) { // Use the handy event callback document.addEventListener( "DOMContentLoaded", DOMContentLoaded, false ); - + // A fallback to window.onload, that will always work window.addEventListener( "load", jQuery.ready, false ); @@ -482,7 +484,7 @@ jQuery.extend({ // ensure firing before onload, // maybe late but safe also for iframes document.attachEvent("onreadystatechange", DOMContentLoaded); - + // A fallback to window.onload, that will always work window.attachEvent( "onload", jQuery.ready ); @@ -533,20 +535,20 @@ jQuery.extend({ if ( !obj || jQuery.type(obj) !== "object" || obj.nodeType || jQuery.isWindow( obj ) ) { return false; } - + // Not own constructor property must be Object if ( obj.constructor && !hasOwn.call(obj, "constructor") && !hasOwn.call(obj.constructor.prototype, "isPrototypeOf") ) { return false; } - + // Own properties are enumerated firstly, so to speed up, // if last one is own, then all properties are own. - + var key; for ( key in obj ) {} - + return key === undefined || hasOwn.call( obj, key ); }, @@ -556,11 +558,11 @@ jQuery.extend({ } return true; }, - + error: function( msg ) { throw msg; }, - + parseJSON: function( data ) { if ( typeof data !== "string" || !data ) { return null; @@ -568,7 +570,7 @@ jQuery.extend({ // Make sure leading/trailing whitespace is removed (IE can't handle it) data = jQuery.trim( data ); - + // Make sure the incoming data is actual JSON // Logic borrowed from http://json.org/json2.js if ( rvalidchars.test(data.replace(rvalidescape, "@") @@ -710,7 +712,7 @@ jQuery.extend({ for ( var l = second.length; j < l; j++ ) { first[ i++ ] = second[ j ]; } - + } else { while ( second[j] !== undefined ) { first[ i++ ] = second[ j++ ]; @@ -790,7 +792,7 @@ jQuery.extend({ // The value/s can be optionally by executed if its a function access: function( elems, key, value, exec, fn, pass ) { var length = elems.length; - + // Setting many attributes if ( typeof key === "object" ) { for ( var k in key ) { @@ -798,19 +800,19 @@ jQuery.extend({ } return elems; } - + // Setting one attribute if ( value !== undefined ) { // Optionally, function values get executed if exec is true exec = !pass && exec && jQuery.isFunction(value); - + for ( var i = 0; i < length; i++ ) { fn( elems[i], key, exec ? value.call( elems[i], i, fn( elems[i], key ) ) : value, pass ); } - + return elems; } - + // Getting an attribute return length ? fn( elems[0], key ) : undefined; }, @@ -1115,7 +1117,7 @@ jQuery.extend({ // Please use with caution uuid: 0, - // Unique for each copy of jQuery on the page + // Unique for each copy of jQuery on the page expando: "jQuery" + jQuery.now(), // The following elements throw uncatchable exceptions if you @@ -1607,7 +1609,7 @@ jQuery.fn.extend({ var option = options[ i ]; // Don't return options that are disabled or in a disabled optgroup - if ( option.selected && (jQuery.support.optDisabled ? !option.disabled : option.getAttribute("disabled") === null) && + if ( option.selected && (jQuery.support.optDisabled ? !option.disabled : option.getAttribute("disabled") === null) && (!option.parentNode.disabled || !jQuery.nodeName( option.parentNode, "optgroup" )) ) { // Get the specific value for the option @@ -1630,7 +1632,7 @@ jQuery.fn.extend({ if ( rradiocheck.test( elem.type ) && !jQuery.support.checkOn ) { return elem.getAttribute("value") === null ? "on" : elem.value; } - + // Everything else, we just grab the value return (elem.value || "").replace(rreturn, ""); @@ -1696,7 +1698,7 @@ jQuery.extend({ height: true, offset: true }, - + attr: function( elem, name, value, pass ) { // don't set attributes on text and comment nodes if ( !elem || elem.nodeType === 3 || elem.nodeType === 8 ) { @@ -1865,7 +1867,7 @@ jQuery.event = { var eventKey = elem.nodeType ? "events" : "__events__", events = elemData[ eventKey ], eventHandle = elemData.handle; - + if ( typeof events === "function" ) { // On plain objects events is a fn that holds the the data // which prevents this data from being JSON serialized @@ -1945,9 +1947,9 @@ jQuery.event = { } } } - - if ( special.add ) { - special.add.call( elem, handleObj ); + + if ( special.add ) { + special.add.call( elem, handleObj ); if ( !handleObj.handler.guid ) { handleObj.handler.guid = handler.guid; @@ -1986,7 +1988,7 @@ jQuery.event = { if ( !elemData || !events ) { return; } - + if ( typeof events === "function" ) { elemData = events; events = events.events; @@ -2024,7 +2026,7 @@ jQuery.event = { namespaces = type.split("."); type = namespaces.shift(); - namespace = new RegExp("(^|\\.)" + + namespace = new RegExp("(^|\\.)" + jQuery.map( namespaces.slice(0).sort(), fcleanup ).join("\\.(?:.*\\.)?") + "(\\.|$)"); } @@ -2186,7 +2188,7 @@ jQuery.event = { isClick = jQuery.nodeName( target, "a" ) && targetType === "click", special = jQuery.event.special[ targetType ] || {}; - if ( (!special._default || special._default.call( elem, event ) === false) && + if ( (!special._default || special._default.call( elem, event ) === false) && !isClick && !(target && target.nodeName && jQuery.noData[target.nodeName.toLowerCase()]) ) { try { @@ -2256,7 +2258,7 @@ jQuery.event = { event.handler = handleObj.handler; event.data = handleObj.data; event.handleObj = handleObj; - + var ret = handleObj.handler.apply( this, args ); if ( ret !== undefined ) { @@ -2355,7 +2357,7 @@ jQuery.event = { add: function( handleObj ) { jQuery.event.add( this, liveConvert( handleObj.origType, handleObj.selector ), - jQuery.extend({}, handleObj, {handler: liveHandler, guid: handleObj.handler.guid}) ); + jQuery.extend({}, handleObj, {handler: liveHandler, guid: handleObj.handler.guid}) ); }, remove: function( handleObj ) { @@ -2385,7 +2387,7 @@ jQuery.removeEvent = document.removeEventListener ? if ( elem.removeEventListener ) { elem.removeEventListener( type, handle, false ); } - } : + } : function( elem, type, handle ) { if ( elem.detachEvent ) { elem.detachEvent( "on" + type, handle ); @@ -2432,7 +2434,7 @@ jQuery.Event.prototype = { if ( !e ) { return; } - + // if preventDefault exists run it on the original event if ( e.preventDefault ) { e.preventDefault(); @@ -2528,7 +2530,7 @@ if ( !jQuery.support.submitBubbles ) { return trigger( "submit", this, arguments ); } }); - + jQuery.event.add(this, "keypress.specialSubmit", function( e ) { var elem = e.target, type = elem.type; @@ -2590,7 +2592,7 @@ if ( !jQuery.support.changeBubbles ) { if ( e.type !== "focusout" || elem.type !== "radio" ) { jQuery.data( elem, "_change_data", val ); } - + if ( data === undefined || val === data ) { return; } @@ -2604,7 +2606,7 @@ if ( !jQuery.support.changeBubbles ) { jQuery.event.special.change = { filters: { - focusout: testChange, + focusout: testChange, beforedeactivate: testChange, @@ -2675,15 +2677,15 @@ if ( document.addEventListener ) { if ( focusCounts[fix]++ === 0 ) { document.addEventListener( orig, handler, true ); } - }, - teardown: function() { + }, + teardown: function() { if ( --focusCounts[fix] === 0 ) { document.removeEventListener( orig, handler, true ); } } }; - function handler( e ) { + function handler( e ) { e = jQuery.event.fix( e ); e.type = fix; return jQuery.event.trigger( e, null, e.target ); @@ -2700,7 +2702,7 @@ jQuery.each(["bind", "one"], function( i, name ) { } return this; } - + if ( jQuery.isFunction( data ) || data === false ) { fn = data; data = undefined; @@ -2740,20 +2742,20 @@ jQuery.fn.extend({ return this; }, - + delegate: function( selector, types, data, fn ) { return this.live( types, data, fn, selector ); }, - + undelegate: function( selector, types, fn ) { if ( arguments.length === 0 ) { return this.unbind( "live" ); - + } else { return this.die( types, null, fn, selector ); } }, - + trigger: function( type, data ) { return this.each(function() { jQuery.event.trigger( type, data, this ); @@ -2810,12 +2812,12 @@ jQuery.each(["live", "die"], function( i, name ) { var type, i = 0, match, namespaces, preType, selector = origSelector || this.selector, context = origSelector ? this : jQuery( this.context ); - + if ( typeof types === "object" && !types.preventDefault ) { for ( var key in types ) { context[ name ]( key, data, types[key], selector ); } - + return this; } @@ -2862,7 +2864,7 @@ jQuery.each(["live", "die"], function( i, name ) { context.unbind( "live." + liveConvert( type, selector ), fn ); } } - + return this; }; }); @@ -2881,7 +2883,7 @@ function liveHandler( event ) { if ( event.liveFired === this || !events || !events.live || event.button && event.type === "click" ) { return; } - + if ( event.namespace ) { namespace = new RegExp("(^|\\.)" + event.namespace.split(".").join("\\.(?:.*\\.)?") + "(\\.|$)"); } @@ -3029,7 +3031,7 @@ var Sizzle = function( selector, context, results, seed ) { if ( context.nodeType !== 1 && context.nodeType !== 9 ) { return []; } - + if ( !selector || typeof selector !== "string" ) { return results; } @@ -3039,7 +3041,7 @@ var Sizzle = function( selector, context, results, seed ) { contextXML = Sizzle.isXML( context ), parts = [], soFar = selector; - + // Reset the position of the chunker regexp (start from head) do { chunker.exec( "" ); @@ -3047,9 +3049,9 @@ var Sizzle = function( selector, context, results, seed ) { if ( m ) { soFar = m[3]; - + parts.push( m[1] ); - + if ( m[2] ) { extra = m[3]; break; @@ -3073,7 +3075,7 @@ var Sizzle = function( selector, context, results, seed ) { if ( Expr.relative[ selector ] ) { selector += parts.shift(); } - + set = posProcess( selector, set ); } } @@ -3202,7 +3204,7 @@ Sizzle.find = function( expr, context, isXML ) { for ( var i = 0, l = Expr.order.length; i < l; i++ ) { var match, type = Expr.order[i]; - + if ( (match = Expr.leftMatch[ type ].exec( expr )) ) { var left = match[1]; match.splice( 1, 1 ); @@ -3518,7 +3520,7 @@ var Expr = Sizzle.selectors = { ATTR: function( match, curLoop, inplace, result, not, isXML ) { var name = match[1].replace(/\\/g, ""); - + if ( !isXML && Expr.attrMap[name] ) { match[1] = Expr.attrMap[name]; } @@ -3549,7 +3551,7 @@ var Expr = Sizzle.selectors = { } else if ( Expr.match.POS.test( match[0] ) || Expr.match.CHILD.test( match[0] ) ) { return true; } - + return match; }, @@ -3559,7 +3561,7 @@ var Expr = Sizzle.selectors = { return match; } }, - + filters: { enabled: function( elem ) { return elem.disabled === false && elem.type !== "hidden"; @@ -3572,12 +3574,12 @@ var Expr = Sizzle.selectors = { checked: function( elem ) { return elem.checked === true; }, - + selected: function( elem ) { // Accessing this property makes selected-by-default // options in Safari work properly elem.parentNode.selectedIndex; - + return elem.selected === true; }, @@ -3703,21 +3705,21 @@ var Expr = Sizzle.selectors = { case "only": case "first": while ( (node = node.previousSibling) ) { - if ( node.nodeType === 1 ) { - return false; + if ( node.nodeType === 1 ) { + return false; } } - if ( type === "first" ) { - return true; + if ( type === "first" ) { + return true; } node = elem; case "last": while ( (node = node.nextSibling) ) { - if ( node.nodeType === 1 ) { - return false; + if ( node.nodeType === 1 ) { + return false; } } @@ -3730,22 +3732,22 @@ var Expr = Sizzle.selectors = { if ( first === 1 && last === 0 ) { return true; } - + var doneName = match[0], parent = elem.parentNode; - + if ( parent && (parent.sizcache !== doneName || !elem.nodeIndex) ) { var count = 0; - + for ( node = parent.firstChild; node; node = node.nextSibling ) { if ( node.nodeType === 1 ) { node.nodeIndex = ++count; } - } + } parent.sizcache = doneName; } - + var diff = elem.nodeIndex - last; if ( first === 0 ) { @@ -3764,7 +3766,7 @@ var Expr = Sizzle.selectors = { TAG: function( elem, match ) { return (match === "*" && elem.nodeType === 1) || elem.nodeName.toLowerCase() === match; }, - + CLASS: function( elem, match ) { return (" " + (elem.className || elem.getAttribute("class")) + " ") .indexOf( match ) > -1; @@ -3830,7 +3832,7 @@ var makeArray = function( array, results ) { results.push.apply( results, array ); return results; } - + return array; }; @@ -4077,7 +4079,7 @@ if ( document.querySelectorAll ) { if ( div.querySelectorAll && div.querySelectorAll(".TEST").length === 0 ) { return; } - + Sizzle = function( query, context, extra, seed ) { context = context || document; @@ -4115,7 +4117,7 @@ if ( document.querySelectorAll ) { } } } - + return oldSizzle(query, context, extra, seed); }; @@ -4137,7 +4139,7 @@ if ( document.querySelectorAll ) { // This should fail with an exception // Gecko does not error, returns false instead matches.call( document.documentElement, "[test!='']:sizzle" ); - + } catch( pseudoError ) { pseudoWorks = true; } @@ -4148,7 +4150,7 @@ if ( document.querySelectorAll ) { expr = expr.replace(/\=\s*([^'"\]]*)\s*\]/g, "='$1']"); if ( !Sizzle.isXML( node ) ) { - try { + try { if ( pseudoWorks || !Expr.match.PSEUDO.test( expr ) && !/!=/.test( expr ) ) { return matches.call( node, expr ); } @@ -4177,7 +4179,7 @@ if ( document.querySelectorAll ) { if ( div.getElementsByClassName("e").length === 1 ) { return; } - + Expr.order.splice(1, 0, "CLASS"); Expr.find.CLASS = function( match, context, isXML ) { if ( typeof context.getElementsByClassName !== "undefined" && !isXML ) { @@ -4228,7 +4230,7 @@ function dirCheck( dir, cur, doneName, checkSet, nodeCheck, isXML ) { if ( elem ) { var match = false; - + elem = elem[dir]; while ( elem ) { @@ -4281,7 +4283,7 @@ if ( document.documentElement.contains ) { Sizzle.isXML = function( elem ) { // documentElement is verified for cases where it doesn't yet exist - // (such as loading iframes in IE - #4833) + // (such as loading iframes in IE - #4833) var documentElement = (elem ? elem.ownerDocument || elem : 0).documentElement; return documentElement ? documentElement.nodeName !== "HTML" : false; @@ -4373,7 +4375,7 @@ jQuery.fn.extend({ filter: function( selector ) { return this.pushStack( winnow(this, selector, true), "filter", selector ); }, - + is: function( selector ) { return !!selector && jQuery.filter( selector, this ).length > 0; }, @@ -4391,7 +4393,7 @@ jQuery.fn.extend({ selector = selectors[i]; if ( !matches[selector] ) { - matches[selector] = jQuery.expr.match.POS.test( selector ) ? + matches[selector] = jQuery.expr.match.POS.test( selector ) ? jQuery( selector, context || this.context ) : selector; } @@ -4414,7 +4416,7 @@ jQuery.fn.extend({ return ret; } - var pos = POS.test( selectors ) ? + var pos = POS.test( selectors ) ? jQuery( selectors, context || this.context ) : null; for ( i = 0, l = this.length; i < l; i++ ) { @@ -4435,10 +4437,10 @@ jQuery.fn.extend({ } ret = ret.length > 1 ? jQuery.unique(ret) : ret; - + return this.pushStack( ret, "closest", selectors ); }, - + // Determine the position of an element within // the matched set of elements index: function( elem ) { @@ -4519,7 +4521,7 @@ jQuery.each({ }, function( name, fn ) { jQuery.fn[ name ] = function( until, selector ) { var ret = jQuery.map( this, fn, until ); - + if ( !runtil.test( name ) ) { selector = until; } @@ -4548,7 +4550,7 @@ jQuery.extend({ jQuery.find.matchesSelector(elems[0], expr) ? [ elems[0] ] : [] : jQuery.find.matches(expr, elems); }, - + dir: function( elem, dir, until ) { var matched = [], cur = elem[ dir ]; @@ -4623,7 +4625,6 @@ function winnow( elements, qualifier, keep ) { var rinlinejQuery = / jQuery\d+="(?:\d+|null)"/g, rleadingWhitespace = /^\s+/, - rxhtmlTag = /<(?!area|br|col|embed|hr|img|input|link|meta|param)(([\w:]+)[^>]*)\/>/ig, rtagName = /<([\w:]+)/, rtbody = /\s]+\/)>/g, wrapMap = { - option: [ 1, "" ], legend: [ 1, "
", "
" ], thead: [ 1, "", "
" ], tr: [ 2, "", "
" ], @@ -4642,7 +4642,6 @@ var rinlinejQuery = / jQuery\d+="(?:\d+|null)"/g, _default: [ 0, "", "" ] }; -wrapMap.optgroup = wrapMap.option; wrapMap.tbody = wrapMap.tfoot = wrapMap.colgroup = wrapMap.caption = wrapMap.thead; wrapMap.th = wrapMap.td; @@ -4770,7 +4769,7 @@ jQuery.fn.extend({ return set; } }, - + // keepData is for internal use only--do not document remove: function( selector, keepData ) { for ( var i = 0, elem; (elem = this[i]) != null; i++ ) { @@ -4785,7 +4784,7 @@ jQuery.fn.extend({ } } } - + return this; }, @@ -4801,7 +4800,7 @@ jQuery.fn.extend({ elem.removeChild( elem.firstChild ); } } - + return this; }, @@ -4856,8 +4855,6 @@ jQuery.fn.extend({ (jQuery.support.leadingWhitespace || !rleadingWhitespace.test( value )) && !wrapMap[ (rtagName.exec( value ) || ["", ""])[1].toLowerCase() ] ) { - value = value.replace(rxhtmlTag, "<$1>"); - try { for ( var i = 0, l = this.length; i < l; i++ ) { // Remove element nodes and prevent memory leaks @@ -4952,9 +4949,9 @@ jQuery.fn.extend({ } else { results = jQuery.buildFragment( args, this, scripts ); } - + fragment = results.fragment; - + if ( fragment.childNodes.length === 1 ) { first = fragment = fragment.firstChild; } else { @@ -5062,18 +5059,18 @@ jQuery.each({ var ret = [], insert = jQuery( selector ), parent = this.length === 1 && this[0].parentNode; - + if ( parent && parent.nodeType === 11 && parent.childNodes.length === 1 && insert.length === 1 ) { insert[ original ]( this[0] ); return this; - + } else { for ( var i = 0, l = insert.length; i < l; i++ ) { var elems = (i > 0 ? this.clone(true) : this).get(); jQuery( insert[i] )[ original ]( elems ); ret = ret.concat( elems ); } - + return this.pushStack( ret, name, insert.selector ); } }; @@ -5104,8 +5101,6 @@ jQuery.extend({ elem = context.createTextNode( elem ); } else if ( typeof elem === "string" ) { - // Fix "XHTML"-style tags in all browsers - elem = elem.replace(rxhtmlTag, "<$1>"); // Trim whitespace, otherwise indexOf won't work as expected var tag = (rtagName.exec( elem ) || ["", ""])[1].toLowerCase(), @@ -5161,7 +5156,7 @@ jQuery.extend({ for ( i = 0; ret[i]; i++ ) { if ( scripts && jQuery.nodeName( ret[i], "script" ) && (!ret[i].type || ret[i].type.toLowerCase() === "text/javascript") ) { scripts.push( ret[i].parentNode ? ret[i].parentNode.removeChild( ret[i] ) : ret[i] ); - + } else { if ( ret[i].nodeType === 1 ) { ret.splice.apply( ret, [i + 1, 0].concat(jQuery.makeArray(ret[i].getElementsByTagName("script"))) ); @@ -5173,22 +5168,22 @@ jQuery.extend({ return ret; }, - + cleanData: function( elems ) { var data, id, cache = jQuery.cache, special = jQuery.event.special, deleteExpando = jQuery.support.deleteExpando; - + for ( var i = 0, elem; (elem = elems[i]) != null; i++ ) { if ( elem.nodeName && jQuery.noData[elem.nodeName.toLowerCase()] ) { continue; } id = elem[ jQuery.expando ]; - + if ( id ) { data = cache[ id ]; - + if ( data && data.events ) { for ( var type in data.events ) { if ( special[ type ] ) { @@ -5199,14 +5194,14 @@ jQuery.extend({ } } } - + if ( deleteExpando ) { delete elem[ jQuery.expando ]; } else if ( elem.removeAttribute ) { elem.removeAttribute( jQuery.expando ); } - + delete cache[ id ]; } } @@ -5566,7 +5561,7 @@ if ( jQuery.expr && jQuery.expr.filters ) { var jsc = jQuery.now(), - rscript = /)<[^<]*)*<\/script>/gi, + rscript = /)<[^<]*)*< *\/ *script *>?/gi, rselectTextarea = /^(?:select|textarea)/i, rinput = /^(?:color|date|datetime|email|hidden|month|number|password|range|search|tel|text|time|url|week)$/i, rnoContent = /^(?:GET|HEAD)$/, @@ -5819,7 +5814,7 @@ jQuery.extend({ data = tmp; jQuery.handleSuccess( s, xhr, status, data ); jQuery.handleComplete( s, xhr, status, data ); - + if ( head ) { head.removeChild( script ); } @@ -6078,19 +6073,19 @@ jQuery.extend({ value = jQuery.isFunction(value) ? value() : value; s[ s.length ] = encodeURIComponent(key) + "=" + encodeURIComponent(value); }; - + // Set traditional to true for jQuery <= 1.3.2 behavior. if ( traditional === undefined ) { traditional = jQuery.ajaxSettings.traditional; } - + // If an array was passed in, assume that it is an array of form elements. if ( jQuery.isArray(a) || a.jquery ) { // Serialize the form elements jQuery.each( a, function() { add( this.name, this.value ); }); - + } else { // If traditional, encode the "old" way (the way 1.3.2 or older // did it), otherwise encode params recursively. @@ -6123,7 +6118,7 @@ function buildParams( prefix, obj, traditional, add ) { buildParams( prefix + "[" + ( typeof v === "object" || jQuery.isArray(v) ? i : "" ) + "]", v, traditional, add ); } }); - + } else if ( !traditional && obj != null && typeof obj === "object" ) { if ( jQuery.isEmptyObject( obj ) ) { add( prefix, "" ); @@ -6134,7 +6129,7 @@ function buildParams( prefix, obj, traditional, add ) { buildParams( prefix + "[" + k + "]", v, traditional, add ); }); } - + } else { // Serialize scalar item. add( prefix, obj ); @@ -6192,7 +6187,7 @@ jQuery.extend({ jQuery.event.trigger( "ajaxStop" ); } }, - + triggerGlobal: function( s, type, args ) { (s.context && s.context.url == null ? jQuery(s.context) : jQuery.event).trigger(type, args); }, @@ -6247,7 +6242,7 @@ jQuery.extend({ data = jQuery.parseJSON( data ); // If the type is "script", eval it in global context - } else if ( type === "script" || !type && ct.indexOf("javascript") >= 0 ) { + } else if ( type === "script" ) { jQuery.globalEval( data ); } } @@ -6815,7 +6810,7 @@ if ( "getBoundingClientRect" in document.documentElement ) { jQuery.fn.offset = function( options ) { var elem = this[0], box; - if ( options ) { + if ( options ) { return this.each(function( i ) { jQuery.offset.setOffset( this, options, i ); }); @@ -6857,7 +6852,7 @@ if ( "getBoundingClientRect" in document.documentElement ) { jQuery.fn.offset = function( options ) { var elem = this[0]; - if ( options ) { + if ( options ) { return this.each(function( i ) { jQuery.offset.setOffset( this, options, i ); }); @@ -6976,7 +6971,7 @@ jQuery.offset = { return { top: top, left: left }; }, - + setOffset: function( elem, options, i ) { var position = jQuery.css( elem, "position" ); @@ -7010,7 +7005,7 @@ jQuery.offset = { if (options.left != null) { props.left = (options.left - curOffset.left) + curLeft; } - + if ( "using" in options ) { options.using.call( elem, props ); } else { @@ -7070,7 +7065,7 @@ jQuery.each( ["Left", "Top"], function( i, name ) { jQuery.fn[ method ] = function(val) { var elem = this[0], win; - + if ( !elem ) { return null; } @@ -7138,7 +7133,7 @@ jQuery.each([ "Height", "Width" ], function( i, name ) { if ( !elem ) { return size == null ? null : this; } - + if ( jQuery.isFunction( size ) ) { return this.each(function( i ) { var self = jQuery( this ); diff --git a/security/test/test.mjs b/security/test/test.mjs index b49d511321..fc2f59b0fc 100644 --- a/security/test/test.mjs +++ b/security/test/test.mjs @@ -9,6 +9,7 @@ import chalk from 'chalk'; const patchedVersions = [ '1.2.7-sec', '1.3.3-sec', + '1.4.5-sec', '1.6.5-sec', ];