Skip to content

Commit 58c2460

Browse files
fhembergertimmywil
fhemberger
authored and
timmywil
committed
Core: use document.implemenation.createHTMLDocument in jQuery.parseHTML
Close gh-1505
1 parent 43faf6d commit 58c2460

File tree

5 files changed

+39
-3
lines changed

5 files changed

+39
-3
lines changed

src/core.js

+1-1
Original file line numberDiff line numberDiff line change
@@ -7,7 +7,7 @@ define([
77
"./var/class2type",
88
"./var/toString",
99
"./var/hasOwn",
10-
"./var/support"
10+
"./core/support"
1111
], function( arr, slice, concat, push, indexOf, class2type, toString, hasOwn, support ) {
1212

1313
var

src/core/parseHTML.js

+6-2
Original file line numberDiff line numberDiff line change
@@ -2,7 +2,7 @@ define([
22
"../core",
33
"./var/rsingleTag",
44
"../manipulation" // buildFragment
5-
], function( jQuery, rsingleTag ) {
5+
], function( jQuery, rsingleTag, support ) {
66

77
// data: string of html
88
// context (optional): If specified, the fragment will be created in this context,
@@ -16,7 +16,11 @@ jQuery.parseHTML = function( data, context, keepScripts ) {
1616
keepScripts = context;
1717
context = false;
1818
}
19-
context = context || document;
19+
// document.implementation stops scripts or inline event handlers from
20+
// being executed immediately
21+
context = context || ( support.createHTMLDocument ?
22+
document.implementation.createHTMLDocument() :
23+
document );
2024

2125
var parsed = rsingleTag.exec( data ),
2226
scripts = !keepScripts && [];

src/core/support.js

+6
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,6 @@
1+
define([
2+
"../var/support"
3+
], function( jQuery, support ) {
4+
// window.document is used here as it's before the sandboxed document
5+
support.createHTMLDocument = !!window.document.implementation.createHTMLDocument;
6+
});

test/unit/core.js

+18
Original file line numberDiff line numberDiff line change
@@ -1367,6 +1367,24 @@ test("jQuery.parseHTML", function() {
13671367
ok( jQuery.parseHTML("<#if><tr><p>This is a test.</p></tr><#/if>") || true, "Garbage input should not cause error" );
13681368
});
13691369

1370+
// This XSS test is optional, as it will only pass when `document.implementation.createHTMLDocument`
1371+
// is implemented. This might not be the case for older Android browsers (<= 2.x).
1372+
if ( document.implementation.createHTMLDocument ) {
1373+
asyncTest("jQuery.parseHTML", function() {
1374+
expect ( 1 );
1375+
1376+
Globals.register("parseHTMLError");
1377+
1378+
jQuery.globalEval("parseHTMLError = false;");
1379+
jQuery.parseHTML( "<img src=x onerror='parseHTMLError = true'>" );
1380+
1381+
window.setTimeout(function() {
1382+
start();
1383+
equal( window.parseHTMLError, false, "onerror eventhandler has not been called." );
1384+
}, 2000);
1385+
});
1386+
}
1387+
13701388
test("jQuery.parseJSON", function() {
13711389
expect( 20 );
13721390

test/unit/support.js

+8
Original file line numberDiff line numberDiff line change
@@ -61,6 +61,7 @@ testIframeWithCallback( "Check CSP (https://developer.mozilla.org/en-US/docs/Sec
6161
"checkOn": true,
6262
"clearCloneStyle": true,
6363
"cors": true,
64+
"createHTMLDocument": true,
6465
"focusinBubbles": false,
6566
"noCloneChecked": true,
6667
"optDisabled": true,
@@ -77,6 +78,7 @@ testIframeWithCallback( "Check CSP (https://developer.mozilla.org/en-US/docs/Sec
7778
"checkOn": true,
7879
"clearCloneStyle": false,
7980
"cors": true,
81+
"createHTMLDocument": true,
8082
"focusinBubbles": true,
8183
"noCloneChecked": false,
8284
"optDisabled": true,
@@ -93,6 +95,7 @@ testIframeWithCallback( "Check CSP (https://developer.mozilla.org/en-US/docs/Sec
9395
"checkOn": true,
9496
"clearCloneStyle": false,
9597
"cors": false,
98+
"createHTMLDocument": true,
9699
"focusinBubbles": true,
97100
"noCloneChecked": false,
98101
"optDisabled": true,
@@ -109,6 +112,7 @@ testIframeWithCallback( "Check CSP (https://developer.mozilla.org/en-US/docs/Sec
109112
"checkOn": true,
110113
"clearCloneStyle": true,
111114
"cors": true,
115+
"createHTMLDocument": true,
112116
"focusinBubbles": false,
113117
"noCloneChecked": true,
114118
"optDisabled": true,
@@ -125,6 +129,7 @@ testIframeWithCallback( "Check CSP (https://developer.mozilla.org/en-US/docs/Sec
125129
"checkOn": true,
126130
"clearCloneStyle": true,
127131
"cors": true,
132+
"createHTMLDocument": true,
128133
"focusinBubbles": false,
129134
"noCloneChecked": true,
130135
"optDisabled": true,
@@ -141,6 +146,7 @@ testIframeWithCallback( "Check CSP (https://developer.mozilla.org/en-US/docs/Sec
141146
"checkOn": true,
142147
"clearCloneStyle": true,
143148
"cors": true,
149+
"createHTMLDocument": true,
144150
"focusinBubbles": false,
145151
"noCloneChecked": true,
146152
"optDisabled": true,
@@ -157,6 +163,7 @@ testIframeWithCallback( "Check CSP (https://developer.mozilla.org/en-US/docs/Sec
157163
"checkOn": false,
158164
"clearCloneStyle": true,
159165
"cors": true,
166+
"createHTMLDocument": true,
160167
"focusinBubbles": false,
161168
"noCloneChecked": true,
162169
"optDisabled": true,
@@ -173,6 +180,7 @@ testIframeWithCallback( "Check CSP (https://developer.mozilla.org/en-US/docs/Sec
173180
"checkOn": false,
174181
"clearCloneStyle": false,
175182
"cors": true,
183+
"createHTMLDocument": true,
176184
"focusinBubbles": false,
177185
"noCloneChecked": true,
178186
"optDisabled": false,

0 commit comments

Comments
 (0)