Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

XSS Vulnerability on closeText option of Dialog jQuery UI 1.11.4 #1622

Closed
wants to merge 44 commits into from
Closed

XSS Vulnerability on closeText option of Dialog jQuery UI 1.11.4 #1622

wants to merge 44 commits into from

Commits on Nov 3, 2014

  1. Build: Update links to AUTHORS.txt and LICENSE.txt in package.json

    @scottgonzalez
    scottgonzalez committed Nov 3, 2014
    Configuration menu
    Copy the full SHA
    27a88c8 View commit details
    Browse the repository at this point in the history

Commits on Feb 5, 2015

  1. DatePicker: datepicker_instActive released on instance destroy 

    Fixes #10668
Closes gh-1362
(cherry picked from commit e5e3ca4)
    @eshcharc @scottgonzalez
    eshcharc authored and scottgonzalez committed Feb 5, 2015
    Configuration menu
    Copy the full SHA
    47ceff8 View commit details
    Browse the repository at this point in the history

  2. Autocomplete: Remove duplicate array key in demo 

    Ref gh-1363
(cherry picked from commit 0fccf94)
    @bperel @scottgonzalez
    bperel authored and scottgonzalez committed Feb 5, 2015
    Configuration menu
    Copy the full SHA
    c303f7e View commit details
    Browse the repository at this point in the history

  3. Demos: Remove duplicate CSS properties 

    Closes gh-1363
(cherry picked from commit 14c4eae)
    @bperel @scottgonzalez
    bperel authored and scottgonzalez committed Feb 5, 2015
    Configuration menu
    Copy the full SHA
    152c2d1 View commit details
    Browse the repository at this point in the history

  4. Dialog: Remove leftover backcompat flag in tests 

    (cherry picked from commit b2a477f)
    @scottgonzalez
    scottgonzalez committed Feb 5, 2015
    Configuration menu
    Copy the full SHA
    7b4d706 View commit details
    Browse the repository at this point in the history

  5. Selectmenu: Remove broken tabindex code 

    (cherry picked from commit 1fb0879)
    @scottgonzalez
    scottgonzalez committed Feb 5, 2015
    Configuration menu
    Copy the full SHA
    c3dcf4e View commit details
    Browse the repository at this point in the history

  6. Datepicker: Fixed month names and firstDay value in Arabic locale 

    Fixes #10035
Closes gh-1246
(cherry picked from commit 06231cf)
    @scottgonzalez
    Mohammed Alshehri authored and scottgonzalez committed Feb 5, 2015
    Configuration menu
    Copy the full SHA
    9afe0f7 View commit details
    Browse the repository at this point in the history

  7. Tests: Adding missing dependency 

    (cherry picked from commit ae577ae)
    @tjvantoll @scottgonzalez
    tjvantoll authored and scottgonzalez committed Feb 5, 2015
    Configuration menu
    Copy the full SHA
    4686458 View commit details
    Browse the repository at this point in the history

Commits on Feb 9, 2015

  1. Selectmenu: Properly parse value from options 

    Fixes #10684
(cherry picked from commit 809cc0f)

Conflicts:

	ui/selectmenu.js
    @scottgonzalez
    scottgonzalez committed Feb 9, 2015
    Configuration menu
    Copy the full SHA
    dc2c948 View commit details
    Browse the repository at this point in the history

  2. Tabs: Suppress automatic activation when navigating with COMMAND 

    Fixes #9621
Closes gh-1383
(cherry picked from commit 6a242ab)
    @scottgonzalez
    scottgonzalez committed Feb 9, 2015
    Configuration menu
    Copy the full SHA
    9dd1e73 View commit details
    Browse the repository at this point in the history

  3. Widget: Fix typos 

    Closes gh-1386
(cherry picked from commit 347b2a5)
    @scottgonzalez
    scottgonzalez committed Feb 9, 2015
    Configuration menu
    Copy the full SHA
    28ab47c View commit details
    Browse the repository at this point in the history

  4. Easing: Fixed small typo in easing demo 

    (cherry picked from commit fe75984)
    @agcolom @scottgonzalez
    agcolom authored and scottgonzalez committed Feb 9, 2015
    Configuration menu
    Copy the full SHA
    3116967 View commit details
    Browse the repository at this point in the history

  5. Widget: Improve readability in $.widget.bridge() 

    Closes gh-1409
(cherry picked from commit 713688d)
    @thg2k @scottgonzalez
    thg2k authored and scottgonzalez committed Feb 9, 2015
    Configuration menu
    Copy the full SHA
    69bd7a7 View commit details
    Browse the repository at this point in the history

  6. Build: Remove dates from copyright notice 

    Closes gh-1403
(cherry picked from commit c89cb74)
    @agcolom @scottgonzalez
    agcolom authored and scottgonzalez committed Feb 9, 2015
    Configuration menu
    Copy the full SHA
    727a915 View commit details
    Browse the repository at this point in the history

  7. Accordion: Set aria-expanded when collapsing 

    Fixes #10703
Closes gh-1413
(cherry picked from commit ab798cb)
    @scottgonzalez
    scottgonzalez committed Feb 9, 2015
    Configuration menu
    Copy the full SHA
    dc2b17d View commit details
    Browse the repository at this point in the history

  8. Position: Restore old flip collision handling 

    This reverts commit 7f808b2.

Fixes #8710
Ref gh-1071
(cherry picked from commit ebaaca7)
    @meyertee @scottgonzalez
    meyertee authored and scottgonzalez committed Feb 9, 2015
    Configuration menu
    Copy the full SHA
    276cd5c View commit details
    Browse the repository at this point in the history

  9. Position: Add unit tests for bug 8710 

    Ref #8710
Closes gh-1071
(cherry picked from commit 4de983c)
    @meyertee @scottgonzalez
    meyertee authored and scottgonzalez committed Feb 9, 2015
    Configuration menu
    Copy the full SHA
    9db4057 View commit details
    Browse the repository at this point in the history

  10. Core: Match on exact node name for :focusable and :tabbable 

    Fixes #10747
Ref gh-1417
(cherry picked from commit c66842b)
    @SlimFoster @scottgonzalez
    SlimFoster authored and scottgonzalez committed Feb 9, 2015
    Configuration menu
    Copy the full SHA
    f1345e3 View commit details
    Browse the repository at this point in the history

  11. Resizable: Match on exact node name 

    Fixes #10748
Closes gh-1417
(cherry picked from commit faefab8)
    @SlimFoster @scottgonzalez
    SlimFoster authored and scottgonzalez committed Feb 9, 2015
    Configuration menu
    Copy the full SHA
    7ff9b28 View commit details
    Browse the repository at this point in the history

  12. DatePicker: Fix tests to have unique names 

    (cherry picked from commit c217007)
    @lukeapage @scottgonzalez
    lukeapage authored and scottgonzalez committed Feb 9, 2015
    Configuration menu
    Copy the full SHA
    ad121b2 View commit details
    Browse the repository at this point in the history

  13. DatePicker: increase date range so that tests still pass through 2015 

    (cherry picked from commit 0566e99)
    @lukeapage @scottgonzalez
    lukeapage authored and scottgonzalez committed Feb 9, 2015
    Configuration menu
    Copy the full SHA
    76ebe08 View commit details
    Browse the repository at this point in the history

  14. Tests: Fix jquery reference in unit index file 

    (cherry picked from commit d3bb0f7)
    @jzaefferer @scottgonzalez
    jzaefferer authored and scottgonzalez committed Feb 9, 2015
    Configuration menu
    Copy the full SHA
    66b31b3 View commit details
    Browse the repository at this point in the history

  15. Tests: Fix jQuery version references to match files in external/ 

    (cherry picked from commit a3b43ee)
    @jzaefferer @scottgonzalez
    jzaefferer authored and scottgonzalez committed Feb 9, 2015
    Configuration menu
    Copy the full SHA
    fcb26aa View commit details
    Browse the repository at this point in the history

  16. Slider: Fix max calculation, when step is float 

    Fixes #10721
Closes gh-1398
(cherry picked from commit ae1d6d5)
    @dekajp @scottgonzalez
    dekajp authored and scottgonzalez committed Feb 9, 2015
    Configuration menu
    Copy the full SHA
    dfa3a9f View commit details
    Browse the repository at this point in the history

  17. Docs: Clarify PHP Usage 

    Clarify that PHP is not required for testing, add a link to the
CONTRIBUTING page and tidy up.

Closes gh-1418
(cherry picked from commit 8cc636d)
    @lukeapage @scottgonzalez
    lukeapage authored and scottgonzalez committed Feb 9, 2015
    Configuration menu
    Copy the full SHA
    da67914 View commit details
    Browse the repository at this point in the history

  18. Resizable: Whitespace Cleanup 

    (cherry picked from commit 337e411)
    @mikesherov @scottgonzalez
    mikesherov authored and scottgonzalez committed Feb 9, 2015
    Configuration menu
    Copy the full SHA
    105f4a5 View commit details
    Browse the repository at this point in the history

  19. Resizable: correct width when grid approaches zero 

    Fixes #10590
(cherry picked from commit 9493839)
    @mikesherov @scottgonzalez
    mikesherov authored and scottgonzalez committed Feb 9, 2015
    Configuration menu
    Copy the full SHA
    0a0db09 View commit details
    Browse the repository at this point in the history

  20. Sortable: Add support for iframes 

    Fixes #9604
Closes gh-1443
(cherry picked from commit 17c7f69)
    @marcuswarrenca @scottgonzalez
    marcuswarrenca authored and scottgonzalez committed Feb 9, 2015
    Configuration menu
    Copy the full SHA
    fa460f3 View commit details
    Browse the repository at this point in the history

Commits on Feb 11, 2015

  1. Build: Update authors list

    @scottgonzalez
    scottgonzalez committed Feb 11, 2015
    Configuration menu
    Copy the full SHA
    8dfc67d View commit details
    Browse the repository at this point in the history

Commits on Feb 12, 2015

  1. Build: Updating the 1-11-stable version to 1.11.4-pre.

    @scottgonzalez
    scottgonzalez committed Feb 12, 2015
    Configuration menu
    Copy the full SHA
    aec0b62 View commit details
    Browse the repository at this point in the history

Commits on Feb 20, 2015

  1. Build: Use browserSets from testswarm config 

    It's already in jQuery's Jenkins node-testswarm config
(and set to the same value) but not used yet.

Reference it to make sure it keeps working in the future.

Closes gh-1452
(cherry picked from commit 1e7a1e8)
    @Krinkle @scottgonzalez
    Krinkle authored and scottgonzalez committed Feb 20, 2015
    Configuration menu
    Copy the full SHA
    258dbe3 View commit details
    Browse the repository at this point in the history

Commits on Mar 10, 2015

  1. Sortable: Redetermine floating flag when recalculating positions 

    This addresses a bug where users initialize empty sortable lists are
add items dynamically. In this situation refresh() should recognize the
position and orientation of the new items.

Fixes #7498
Closes gh-1381
(cherry picked from commit f656aeb)
    @tjvantoll @scottgonzalez
    tjvantoll authored and scottgonzalez committed Mar 10, 2015
    Configuration menu
    Copy the full SHA
    189f1d4 View commit details
    Browse the repository at this point in the history

  2. Draggable: Ensure parent is correct after dragging through sortable 

    Fixes #10669
(cherry picked from commit d8077dc)
    @mikesherov @scottgonzalez
    mikesherov authored and scottgonzalez committed Mar 10, 2015
    Configuration menu
    Copy the full SHA
    b371063 View commit details
    Browse the repository at this point in the history

  3. Dialog: Stop tracking instance in destroy() to avoid memory leaks 

    Fixes #11125
Closes gh-1448
(cherry picked from commit ec1f393)
    @tjvantoll @scottgonzalez
    tjvantoll authored and scottgonzalez committed Mar 10, 2015
    Configuration menu
    Copy the full SHA
    04ab6e0 View commit details
    Browse the repository at this point in the history

  4. Accordion: Handle box-sizing: border-box in animations 

    Fixes #9264
Closes gh-1287
Closes gh-1459
(cherry picked from commit 4b017b4)
    @scottgonzalez
    scottgonzalez committed Mar 10, 2015
    Configuration menu
    Copy the full SHA
    de75b40 View commit details
    Browse the repository at this point in the history

  5. Resizable: Modified to allow jquery objects as handles 

    Custom handlers did not work as jquery objects (outside the resizable element)

Fixes #9658
Closes gh-1445
(cherry picked from commit 18e301f)
    @patrixd @scottgonzalez
    patrixd authored and scottgonzalez committed Mar 10, 2015
    Configuration menu
    Copy the full SHA
    65f31c2 View commit details
    Browse the repository at this point in the history

  6. Resizable: alsoResize more than one element of a jQuery selection 

    Fixes #4666
Closes gh-1324
Closes gh-1461
(cherry picked from commit 19783fd)
    @benmosher @scottgonzalez
    benmosher authored and scottgonzalez committed Mar 10, 2015
    Configuration menu
    Copy the full SHA
    31e7099 View commit details
    Browse the repository at this point in the history

  7. Slider: Modified to allow value to reach max value with float step 

    Fixes #11286
Closes gh-1465
(cherry picked from commit 60c00cd)
    @atomiomi @scottgonzalez
    atomiomi authored and scottgonzalez committed Mar 10, 2015
    Configuration menu
    Copy the full SHA
    0f99e9c View commit details
    Browse the repository at this point in the history

  8. Dialog: Fix typo 

    Closes gh-1447

Thanks Spencer Davis
(cherry picked from commit d95c23a)
    @scottgonzalez
    scottgonzalez committed Mar 10, 2015
    Configuration menu
    Copy the full SHA
    d699725 View commit details
    Browse the repository at this point in the history

  9. Sortable: Append a tr with td to the placeholder of tbody elements 

    When sorting tbody elements of a table the placeholder needs to have a tr with
td elements to be visible. The appended elements are created in the same way
as for the placeholder of a tr element; the first row of the sorted tbody is
used for that.

Fixes #10682
Closes gh-1380
(cherry picked from commit 962e05d)
    @oemmes @scottgonzalez
    oemmes authored and scottgonzalez committed Mar 10, 2015
    Configuration menu
    Copy the full SHA
    ddc1b32 View commit details
    Browse the repository at this point in the history

  10. Tabs: Use standard promise methods for jqXHR 

    The old success(), error() and complete() methods have been deprecated for a
while and have been removed in upstream master.

Closes gh-1455
(cherry picked from commit c1dfb98)
    @scottgonzalez
    scottgonzalez committed Mar 10, 2015
    Configuration menu
    Copy the full SHA
    1c92d68 View commit details
    Browse the repository at this point in the history

  11. Tooltip: Register event handlers before content is loaded 

    Fixes #8740
Closes gh-1053
Closes gh-1456
(cherry picked from commit c4e367b)
    @mziech @scottgonzalez
    mziech authored and scottgonzalez committed Mar 10, 2015
    Configuration menu
    Copy the full SHA
    88291ff View commit details
    Browse the repository at this point in the history

  12. Build: Update authors list

    @scottgonzalez
    scottgonzalez committed Mar 10, 2015
    Configuration menu
    Copy the full SHA
    40cdb5f View commit details
    Browse the repository at this point in the history

Commits on Mar 11, 2015

  1. Build: Updating the 1-11-stable version to 1.11.5-pre.

    @scottgonzalez
    scottgonzalez committed Mar 11, 2015
    Configuration menu
    Copy the full SHA
    b93df29 View commit details
    Browse the repository at this point in the history