Adjust jQuery('html') detection to only match when html starts with '<' (counting space characters). Fixes #11290

2026-02-07 03:14:58 -05:00 · 2012-06-20 11:19:24 -04:00
parent 286c4d91dd
commit 239fc86b01
2 changed files with 3 additions and 6 deletions
--- a/src/core.js
+++ b/src/core.js
@@ -40,9 +40,8 @@ var
 	trimRight = /\s+$/,

 	// A simple way to check for HTML strings
-	// Prioritize #id over <tag> to avoid XSS via location.hash (#9521)
-	// Ignore html if within quotes "" '' or brackets/parens [] ()
-	rhtmlString = /^(?:[^#<\\]*(<[\w\W]+>)(?![^\[]*\])(?![^\(]*\))(?![^']*')(?![^"]*")[^>]*$)/,
+	// If starts-with '<'
+	rhtmlString = /^\s*(<[\w\W]+>)[^>]*$/,

 	// Match a standalone tag
 	rsingleTag = /^<(\w+)\s*\/?>(?:<\/\1>)?$/,