Adjust jQuery('html') detection to only match when html starts with '<' (not counting space characters). Fixes #11290.

2026-04-20 03:01:22 -04:00 · 2012-06-20 11:19:24 -04:00
parent 452e32769d
commit 05531fc408
5 changed files with 21 additions and 12 deletions
--- a/src/core.js
+++ b/src/core.js
@@ -49,7 +49,8 @@ var

 	// A simple way to check for HTML strings
 	// Prioritize #id over <tag> to avoid XSS via location.hash (#9521)
-	rquickExpr = /^(?:[^#<]*(<[\w\W]+>)[^>]*|#([\w-]*))$/,
+	// Strict HTML recognition (#11290: must start with <)
+	rquickExpr = /^(?:(<[\w\W]+>)[^>]*|#([\w-]*))$/,

 	// Match a standalone tag
 	rsingleTag = /^<(\w+)\s*\/?>(?:<\/\1>|)$/,