averello/jquery-validation-mirror
1
0
Fork 0
mirror of https://github.com/jquery-validation/jquery-validation.git synced 2025-12-14 20:35:47 +01:00
Code Issues Packages Projects Releases Wiki Activity

Core: Escape single quotes in names avoiding a Sizzle Error being thrown

Browse Source 
When a name or ID contains single quotes, a Sizzle error will be thrown,
so to avoid that, we have to escape all single quotes in that name or ID
before using it.
This commit is contained in:
Brahim Arkni
2015-10-09 15:59:46 +01:00
parent d845a33c6e
commit 10f4357f5e
1 changed files with 8 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
src/core.js
View File

@@ -803,7 +803,7 @@ $.extend( $.validator, {
if ( error.is( "label" ) ) { if ( error.is( "label" ) ) {
// If the error is a label, then associate using 'for' // If the error is a label, then associate using 'for'
error.attr( "for", elementID ); error.attr( "for", elementID );
} else if ( error.parents( "label[for='" + elementID + "']" ).length === 0 ) { } else if ( error.parents( "label[for='" + elementID.replace( /'/g, "\\'" ) + "']" ).length === 0 ) {
// If the element is not a child of an associated label, then it's necessary // If the element is not a child of an associated label, then it's necessary
// to explicitly apply aria-describedby // to explicitly apply aria-describedby
@@ -822,7 +822,7 @@ $.extend( $.validator, {
if ( group ) { if ( group ) {
$.each( this.groups, function( name, testgroup ) { $.each( this.groups, function( name, testgroup ) {
if ( testgroup === group ) { if ( testgroup === group ) {
$( "[name='" + name + "']", this.currentForm ) $( "[name='" + name.replace( /'/g, "\\'" ) + "']", this.currentForm )
.attr( "aria-describedby", error.attr( "id" ) ); .attr( "aria-describedby", error.attr( "id" ) );
} }
} ); } );
@@ -841,14 +841,17 @@ $.extend( $.validator, {
}, },
errorsFor: function( element ) { errorsFor: function( element ) {
var name = this.idOrName( element ), var name = this.idOrName( element ).replace( /'/g, "\\'" ),
describer = $( element ).attr( "aria-describedby" ), describer = $( element ).attr( "aria-describedby" ),
selector = "label[for='" + name + "'], label[for='" + name + "'] *"; selector = "label[for='" + name + "'], label[for='" + name + "'] *";
// aria-describedby should directly reference the error element // aria-describedby should directly reference the error element
if ( describer ) { if ( describer ) {
selector = selector + ", #" + describer.replace( /\s+/g, ", #" ); selector = selector + ", #" + describer
.replace( /'/g, "\\'" )
.replace( /\s+/g, ", #" );
} }
return this return this
.errors() .errors()
.filter( selector ); .filter( selector );
@@ -874,7 +877,7 @@ $.extend( $.validator, {
}, },
findByName: function( name ) { findByName: function( name ) {
return $( this.currentForm ).find( "[name='" + name + "']" ); return $( this.currentForm ).find( "[name='" + name.replace( /'/g, "\\'" ) + "']" );
}, },
getLength: function( value, element ) { getLength: function( value, element ) {