jQuery 3.5 - Still Relevant!
Written by Ian Elliot
Wednesday, 15 April 2020
Although not as important as it once was, jQuery 3.5 has just been announced and it is still JavaScript's standard library.

Recently there has been much discussion of jQuery's relevance to modern JavaScript programming. Yes, you can go it alone and use raw JavaScript, but jQuery is still the powerhouse it was and, for the minimal cost of using a small library, you really do get to do more with less. However, things have moved on and jQuery needs to keep up. The latest version, 3.5, is now ready to use.

The biggest change is the security fix to htmlPrefilter. This is mostly used internally to turn strings into correct HTML, i.e. with all closing tags present. Unfortunately it used a regex to do the job and this has recently been proved to be exploitable to create an XSS. The solution has been to simply remove the method by replacing it with a function that does nothing, i.e. one that returns the string unchanged.

This means that you may have a problem if you were relying on htmlPrefilter to fix your HTML, but only if you didn't insist on closing tags. For example, if you used:

    <div/><span/>

then htmlPrefilter would have converted this to:

    <div></div><span></span>

but now you would get:

    <div><span></span></div>

which isn't what you intended. If you always use closing tags in HTML mode then there is no problem.

If you really need the old behavior and can put up with the XSS risk, you can restore the behavior. However, the jQuery team recommends DOMPurify to do the job properly - this isn't part of jQuery but works perfectly with it.

A big change needed to fit in with the improved CSS selectors is that all positional selectors, e.g. :first, :last and so on, are being removed in jQuery 4. The reason is that they are not native selectors and the cost of implementing them is high in terms of code and time. Nearly all the positional selectors have alternative methods that do the same job, but by filtering the result of the query. For example, you could write using a positional selector:

    $("div:first");

and the query would return the first div. Alternatively you could use a method:

    $("div").first();

which first returns all of the divs and then filters the result down to just the first one.

This is all fine, but we were missing methods for the positional selectors :even and :odd. Now in 3.5 we have them:

    .even()
    .odd()

All you have to do now is remember to convert all positional selectors to filter methods before you upgrade to jQuery 4.

There are some other minor changes, but I can't help commenting on the deprecation of the jQuery .trim method to be replaced by the JavaScript native .trim method. Judging by the number of websites I encounter that fail to trim string input at all, I don't think this is going to cause many programmers a problem.
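As an added example (not from the article or from the jQuery project), the following Node.js script audits HTML strings for self-closed non-void tags, which are the inputs whose parsing changes once htmlPrefilter stops rewriting them, and reports the explicit closing-tag form to write instead. The regex approximating the pre-3.5 rewrite and the names legacyExpand, auditHtmlStrings and samples are assumptions of this example.

```javascript
// Added example: find HTML strings that depended on the pre-3.5 htmlPrefilter.
// Assumption: this regex approximates the old rewrite of <tag .../> into
// <tag ...></tag>; void elements (br, img, input, ...) are skipped because
// they legitimately have no closing tag.
const SELF_CLOSED =
  /<(?!area|br|col|embed|hr|img|input|link|meta|param)(([a-z][^\/\0>\x20\t\r\n\f]*)[^>]*)\/>/gi;

// What the old prefilter would have produced for this string.
function legacyExpand(html) {
  return html.replace(SELF_CLOSED, "<$1></$2>");
}

// Return one finding per string whose markup changes meaning in 3.5:
// the browser treats "<div/>" as an opening tag, so later content nests in it.
function auditHtmlStrings(strings) {
  const findings = [];
  for (const html of strings) {
    const tags = [...html.matchAll(SELF_CLOSED)].map((m) => m[2].toLowerCase());
    if (tags.length > 0) {
      // "rewriteAs" is the explicit form to put in the source instead of
      // restoring the old prefilter at run time.
      findings.push({ html, tags, rewriteAs: legacyExpand(html) });
    }
  }
  return findings;
}

// Constructed sample input: strings as they might be passed to $(), .html(), .append().
const samples = [
  "<div/><span/>",               // relied on the prefilter
  "<div></div><span></span>",    // explicit closing tags: unaffected
  '<img src="logo.png"/><br/>',  // void elements: unaffected
  '<p class="note"/>text',       // attribute plus self-close: affected
];

for (const f of auditHtmlStrings(samples)) {
  console.log(`${f.html}  ->  ${f.rewriteAs}  (tags: ${f.tags.join(", ")})`);
}
```

The rewrite only preserves markup structure; any flagged string that carries untrusted data still needs sanitizing, for which the article names DOMPurify.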
Last Updated ( Wednesday, 15 April 2020 )