Browse Source

Pull request #3073: REPORT-80245 fix: jquery低版本漏洞

Merge in VISUAL/fineui from ~DAILER/fineui:master to master

* commit '252dcea0ef326c91bad5ef345e5b9d5ca891eafd':
  REPORT-80245 fix: jquery低版本漏洞
es6
Dailer-刘荣歆 2 years ago
parent
commit
852c796821
  1. 62
      src/core/platform/web/jquery/_jquery.js

62
src/core/platform/web/jquery/_jquery.js vendored

@ -10536,54 +10536,82 @@
s.jsonpCallback = originalSettings.jsonpCallback;
// save the callback name for future use
oldCallbacks.push( callbackName );
oldCallbacks.push(callbackName);
}
// Call if it was a function and we have a response
if ( responseContainer && jQuery.isFunction( overwritten ) ) {
overwritten( responseContainer[ 0 ] );
if (responseContainer && jQuery.isFunction(overwritten)) {
overwritten(responseContainer[0]);
}
responseContainer = overwritten = undefined;
} );
});
// Delegate to script
return "script";
}
} );
});
// Support: Safari 8 only
// In Safari 8 documents created via document.implementation.createHTMLDocument
// collapse sibling forms: the second one becomes a child of the first one.
// Because of that, this security measure has to be disabled in Safari 8.
// https://bugs.webkit.org/show_bug.cgi?id=137337
support.createHTMLDocument = (function () {
var body = document.implementation.createHTMLDocument("").body;
body.innerHTML = "<form></form><form></form>";
return body.childNodes.length === 2;
})();
// data: string of html
// context (optional): If specified, the fragment will be created in this context,
// defaults to document
// keepScripts (optional): If true, will include scripts passed in the html string
jQuery.parseHTML = function( data, context, keepScripts ) {
if ( !data || typeof data !== "string" ) {
jQuery.parseHTML = function (data, context, keepScripts) {
if (!data || typeof data !== "string") {
return null;
}
if ( typeof context === "boolean" ) {
if (typeof context === "boolean") {
keepScripts = context;
context = false;
}
context = context || document;
var parsed = rsingleTag.exec( data ),
var base, parsed, scripts;
if (!context) {
// Stop scripts or inline event handlers from being executed immediately
// by using document.implementation
if (support.createHTMLDocument) {
context = document.implementation.createHTMLDocument("");
// Set the base href for the created document
// so any parsed elements with URLs
// are based on the document's URL (gh-2965)
base = context.createElement("base");
base.href = document.location.href;
context.head.appendChild(base);
} else {
context = document;
}
}
parsed = rsingleTag.exec(data);
scripts = !keepScripts && [];
// Single tag
if ( parsed ) {
return [ context.createElement( parsed[ 1 ] ) ];
if (parsed) {
return [context.createElement(parsed[1])];
}
parsed = buildFragment( [ data ], context, scripts );
parsed = buildFragment([data], context, scripts);
if ( scripts && scripts.length ) {
jQuery( scripts ).remove();
if (scripts && scripts.length) {
jQuery(scripts).remove();
}
return jQuery.merge( [], parsed.childNodes );
return jQuery.merge([], parsed.childNodes);
};

Loading…
Cancel
Save