Pull request #3073: REPORT-80245 fix: jquery低版本漏洞

Merge in VISUAL/fineui from ~DAILER/fineui:master to master

* commit '252dcea0ef326c91bad5ef345e5b9d5ca891eafd':
  REPORT-80245 fix: jquery低版本漏洞

src/core/platform/web/jquery/_jquery.js

@@ -10552,7 +10552,16 @@
 		}
 	});
 
-
+// Support: Safari 8 only
+// In Safari 8 documents created via document.implementation.createHTMLDocument
+// collapse sibling forms: the second one becomes a child of the first one.
+// Because of that, this security measure has to be disabled in Safari 8.
+// https://bugs.webkit.org/show_bug.cgi?id=137337
+	support.createHTMLDocument = (function () {
+		var body = document.implementation.createHTMLDocument("").body;
+		body.innerHTML = "<form></form><form></form>";
+		return body.childNodes.length === 2;
+	})();
 
 
 // data: string of html
@@ -10567,9 +10576,28 @@
 			keepScripts = context;
 			context = false;
 		}
-		context = context || document;
 
-		var parsed = rsingleTag.exec( data ),
+		var base, parsed, scripts;
+
+		if (!context) {
+
+			// Stop scripts or inline event handlers from being executed immediately
+			// by using document.implementation
+			if (support.createHTMLDocument) {
+				context = document.implementation.createHTMLDocument("");
+
+				// Set the base href for the created document
+				// so any parsed elements with URLs
+				// are based on the document's URL (gh-2965)
+				base = context.createElement("base");
+				base.href = document.location.href;
+				context.head.appendChild(base);
+			} else {
+				context = document;
+			}
+		}
+
+		parsed = rsingleTag.exec(data);
 		scripts = !keepScripts && [];
 
 		// Single tag