🔒️ fix CVE-2020-11023

ctcpip · ctcpip · commit e5a5d493d7e9 · 2023-12-11T16:28:39.000-06:00
diff --git a/jquery.js b/jquery.js
@@ -11,7 +11,7 @@
  * Copyright 2011, The Dojo Foundation
  * Released under the MIT, BSD, and GPL Licenses.
  *
- * Date: Mon Dec 11 15:41:51 2023 -0600
+ * Date: Mon Dec 11 16:03:03 2023 -0600
  */
 (function( window, undefined ) {
 
@@ -1403,6 +1403,12 @@ jQuery.support = (function() {
 		}
 	}
 
+	// Support: IE <=9 only
+	// IE <=9 replaces <option> tags with their contents when inserted outside of
+	// the select element.
+	div.innerHTML = "<option></option>";
+	support.option = !!div.lastChild;
+
 	// Null connected elements to avoid leaks in IE
 	testElement = fragment = select = opt = body = marginDiv = div = input = null;
 
@@ -5540,7 +5546,6 @@ var rinlinejQuery = / jQuery\d+="(?:\d+|null)"/g,
 	rscriptType = /\/(java|ecma)script/i,
 	rcleanScript = /^\s*<!(?:\[CDATA\[|\-\-)/,
 	wrapMap = {
-		option: [ 1, "<select multiple='multiple'>", "</select>" ],
 		legend: [ 1, "<fieldset>", "</fieldset>" ],
 		thead: [ 1, "<table>", "</table>" ],
 		tr: [ 2, "<table><tbody>", "</tbody></table>" ],
@@ -5550,10 +5555,14 @@ var rinlinejQuery = / jQuery\d+="(?:\d+|null)"/g,
 		_default: [ 0, "", "" ]
 	};
 
-wrapMap.optgroup = wrapMap.option;
 wrapMap.tbody = wrapMap.tfoot = wrapMap.colgroup = wrapMap.caption = wrapMap.thead;
 wrapMap.th = wrapMap.td;
 
+// Support: IE <=9 only
+if ( !support.option ) {
+	wrapMap.optgroup = wrapMap.option = [ 1, "<select multiple='multiple'>", "</select>" ];
+}
+
 // IE can't serialize <link> and <script> tags normally
 if ( !jQuery.support.htmlSerialize ) {
 	wrapMap._default = [ 1, "div<div>", "</div>" ];
diff --git a/src/manipulation.js b/src/manipulation.js
@@ -11,7 +11,6 @@ var rinlinejQuery = / jQuery\d+="(?:\d+|null)"/g,
 	rscriptType = /\/(java|ecma)script/i,
 	rcleanScript = /^\s*<!(?:\[CDATA\[|\-\-)/,
 	wrapMap = {
-		option: [ 1, "<select multiple='multiple'>", "</select>" ],
 		legend: [ 1, "<fieldset>", "</fieldset>" ],
 		thead: [ 1, "<table>", "</table>" ],
 		tr: [ 2, "<table><tbody>", "</tbody></table>" ],
@@ -21,10 +20,14 @@ var rinlinejQuery = / jQuery\d+="(?:\d+|null)"/g,
 		_default: [ 0, "", "" ]
 	};
 
-wrapMap.optgroup = wrapMap.option;
 wrapMap.tbody = wrapMap.tfoot = wrapMap.colgroup = wrapMap.caption = wrapMap.thead;
 wrapMap.th = wrapMap.td;
 
+// Support: IE <=9 only
+if ( !support.option ) {
+	wrapMap.optgroup = wrapMap.option = [ 1, "<select multiple='multiple'>", "</select>" ];
+}
+
 // IE can't serialize <link> and <script> tags normally
 if ( !jQuery.support.htmlSerialize ) {
 	wrapMap._default = [ 1, "div<div>", "</div>" ];
diff --git a/src/support.js b/src/support.js
@@ -246,6 +246,12 @@ jQuery.support = (function() {
 		}
 	}
 
+	// Support: IE <=9 only
+	// IE <=9 replaces <option> tags with their contents when inserted outside of
+	// the select element.
+	div.innerHTML = "<option></option>";
+	support.option = !!div.lastChild;
+
 	// Null connected elements to avoid leaks in IE
 	testElement = fragment = select = opt = body = marginDiv = div = input = null;
 

Original file line number	Diff line number	Diff line change
`@@ -246,6 +246,12 @@ jQuery.support = (function() {`
`246`	`246`	`}`
`247`	`247`	`}`
`248`	`248`
	`249`	`+ // Support: IE <=9 only`
	`250`	`+ // IE <=9 replaces <option> tags with their contents when inserted outside of`
	`251`	`+ // the select element.`
	`252`	`+ div.innerHTML = "<option></option>";`
	`253`	`+ support.option = !!div.lastChild;`
	`254`	`+`
`249`	`255`	`// Null connected elements to avoid leaks in IE`
`250`	`256`	`testElement = fragment = select = opt = body = marginDiv = div = input = null;`
`251`	`257`