Attributes: Fix unquoted hashes in selectors where possible

dmethvin · dmethvin · commit 81d5f1340f3e · 2016-05-05T16:03:39.000-04:00
Fixes #174 Closes #184 Ref #140 (cherry picked from commit d7da19d)
diff --git a/src/core.js b/src/core.js
@@ -1,9 +1,11 @@
 
 var matched, browser,
 	oldInit = jQuery.fn.init,
+	oldFind = jQuery.find,
 	oldParseJSON = jQuery.parseJSON,
 	rspaceAngle = /^\s*</,
-	rattrHash = /\[\s*\w+\s*[~|^$*]?=\s*(?![\s'"])[^#\]]*#/,
+	rattrHashTest = /\[(\s*[-\w]+\s*)([~|^$*]?=)\s*([-\w#]*?#[-\w#]*)\s*\]/,
+	rattrHashGlob = /\[(\s*[-\w]+\s*)([~|^$*]?=)\s*([-\w#]*?#[-\w#]*)\s*\]/g,
 	// Note: XSS check is done below after string is trimmed
 	rquickExpr = /^([^<]*)(<[\w\W]+>)([^>]*)$/;
 
@@ -42,19 +44,6 @@ jQuery.fn.init = function( selector, context, rootjQuery ) {
 							context || document, true ), context, rootjQuery );
 			}
 		}
-
-		if ( selector === "#" ) {
-
-			// jQuery( "#" ) is a bogus ID selector, but it returned an empty set before jQuery 3.0
-			migrateWarn( "jQuery( '#' ) is not a valid selector" );
-			selector = [];
-
-		} else if ( rattrHash.test( selector ) ) {
-
-			// The nonstandard and undocumented unquoted-hash was removed in jQuery 1.12.0
-			// Note that this doesn't actually fix the selector due to potential false positives
-			migrateWarn( "Attribute selectors with '#' must be quoted: '" + selector + "'" );
-		}
 	}
 
 	ret = oldInit.apply( this, arguments );
@@ -76,6 +65,47 @@ jQuery.fn.init = function( selector, context, rootjQuery ) {
 };
 jQuery.fn.init.prototype = jQuery.fn;
 
+jQuery.find = function( selector ) {
+	var args = Array.prototype.slice.call( arguments );
+
+	// Support: PhantomJS 1.x
+	// String#match fails to match when used with a //g RegExp, only on some strings
+	if ( typeof selector === "string" && rattrHashTest.test( selector ) ) {
+
+		// The nonstandard and undocumented unquoted-hash was removed in jQuery 1.12.0
+		// First see if qS thinks it's a valid selector, if so avoid a false positive
+		try {
+			document.querySelector( selector );
+		} catch ( err1 ) {
+
+			// Didn't *look* valid to qSA, warn and try quoting what we think is the value
+			selector = selector.replace( rattrHashGlob, function( _, attr, op, value ) {
+				return "[" + attr + op + "\"" + value + "\"]";
+			} );
+
+			// If the regexp *may* have created an invalid selector, don't update it
+			// Note that there may be false alarms if selector uses jQuery extensions
+			try {
+				document.querySelector( selector );
+				migrateWarn( "Attribute selector with '#' must be quoted: " + args[ 0 ] );
+				args[ 0 ] = selector;
+			} catch ( err2 ) {
+				migrateWarn( "Attribute selector with '#' was not fixed: " + args[ 0 ] );
+			}
+		}
+	}
+
+	return oldFind.apply( this, args );
+};
+
+// Copy properties attached to original jQuery.find method (e.g. .attr, .isXML)
+var findProp;
+for ( findProp in oldFind ) {
+	if ( Object.prototype.hasOwnProperty.call( oldFind, findProp ) ) {
+		jQuery.find[ findProp ] = oldFind[ findProp ];
+	}
+}
+
 // Let $.parseJSON(falsy_value) return null
 jQuery.parseJSON = function( json ) {
 	if ( !json ) {
diff --git a/src/traversing.js b/src/traversing.js
@@ -1,13 +1,13 @@
 var oldSelf = jQuery.fn.andSelf || jQuery.fn.addBack,
-	oldFind = jQuery.fn.find;
+	oldFnFind = jQuery.fn.find;
 
 jQuery.fn.andSelf = function() {
 	migrateWarn("jQuery.fn.andSelf() replaced by jQuery.fn.addBack()");
 	return oldSelf.apply( this, arguments );
 };
 
 jQuery.fn.find = function( selector ) {
-	var ret = oldFind.apply( this, arguments );
+	var ret = oldFnFind.apply( this, arguments );
 	ret.context = this.context;
 	ret.selector = this.selector ? this.selector + " " + selector : selector;
 	return ret;
diff --git a/test/core.js b/test/core.js
@@ -53,57 +53,91 @@ test( "jQuery(html) loose rules", function() {
 	}
 });
 
-test( "jQuery( '#' )", function() {
-	expect( 2 );
-
-	expectWarning( "Selector, through the jQuery constructor, nothing but hash", function() {
-		var set = jQuery( "#" );
-		equal( set.length, 0, "empty set" );
-	});
-});
-
-test( "attribute selectors with naked '#'", function() {
-	expect( 7 );
-
-	// These are wrapped in try/catch because they throw on jQuery 1.12.0+
-
-	expectWarning( "attribute equals", function() {
-		try {
-			jQuery( "a[href=#]" );
-		} catch( e ) {}
-	});
-
-	expectWarning( "attribute contains", function() {
-		try {
-			jQuery( "link[rel*=#stuff]" );
-		} catch( e ) {}
-	});
-
-	expectWarning( "attribute starts, with spaces", function() {
-		try {
-			jQuery( "a[href ^= #junk]" );
-		} catch( e ) {}
-	});
-
-	expectWarning( "attribute equals, hash not starting", function() {
-		try {
-			jQuery( "a[href=space#junk]" );
-		} catch( e ) {}
-	});
-
-	expectNoWarning( "attribute equals, with single quotes", function() {
-		try {
-			jQuery( "a[href='#junk']" );
-		} catch( e ) {}
-	});
-
-	expectNoWarning( "attribute equals, with double quotes", function() {
-		try {
-			jQuery( "a[href=\"#junk\"]" );
-		} catch( e ) {}
-	});
-
-	expectNoWarning( "function containing tempting string (#178)", function() {
+// Selector quoting doesn't work in IE8
+if ( !document.querySelector ) {
+
+QUnit.test( "Attribute selectors with unquoted hashes", function( assert ) {
+	expect( 31 );
+
+	var markup = jQuery(
+			"<div>" +
+				"<div data-selector='a[href=#main]'></div>" +
+				"<a href='space#junk'>test</a>" +
+				"<link rel='good#stuff' />" +
+				"<p class='space #junk'>" +
+					"<a href='#some-anchor'>anchor2</a>" +
+					"<input value='[strange*=#stuff]' />" +
+					"<a href='#' data-id='#junk'>anchor</a>" +
+				"</p>" +
+			"</div>" ).appendTo( "#qunit-fixture" ),
+
+		// No warning, no need to fix
+		okays = [
+			"a[href='#some-anchor']",
+			"[data-id=\"#junk\"]",
+			"div[data-selector='a[href=#main]']",
+			"input[value~= '[strange*=#stuff]']"
+		],
+
+		// Fixable, and gives warning
+		fixables = [
+			"a[href=#]",
+			"a[href*=#]:not([href=#]):first-child",
+			".space a[href=#]",
+			"a[href=#some-anchor]",
+			"link[rel*=#stuff]",
+			"p[class *= #junk]",
+			"a[href=space#junk]"
+		],
+
+		// False positives that still work
+		positives = [
+			"div[data-selector='a[href=#main]']:first",
+			"input[value= '[strange*=#stuff]']:eq(0)"
+		],
+
+		// Failures due to quotes and jQuery extensions combined
+		failures = [
+			"p[class ^= #junk]:first",
+			"a[href=space#junk]:eq(1)"
+		];
+
+	expectNoWarning( "Perfectly cromulent selectors are unchanged", function() {
+		okays.forEach( function( okay ) {
+			assert.equal( jQuery( okay, markup ).length, 1, okay );
+			assert.equal( markup.find( okay ).length, 1, okay );
+		} );
+	} );
+
+	expectWarning( "Values with unquoted hashes are quoted", fixables.length, function() {
+		fixables.forEach( function( fixable ) {
+			assert.equal( jQuery( fixable, markup ).length, 1, fixable );
+			assert.equal( markup.find( fixable ).length, 1, fixable );
+		} );
+	} );
+
+	expectWarning( "False positives", positives.length, function() {
+		positives.forEach( function( positive ) {
+			assert.equal( jQuery( positive, markup ).length, 1,  positive );
+			assert.equal( markup.find( positive ).length, 1, positive );
+		} );
+	} );
+
+	expectWarning( "Unfixable cases", failures.length, function() {
+		failures.forEach( function( failure ) {
+			try {
+				jQuery( failure, markup );
+				assert.ok( false, "Expected jQuery() to die!" );
+			} catch ( err1 ) { }
+			try {
+				markup.find( failure );
+				assert.ok( false, "Expected .find() to die!" );
+			} catch ( err2 ) { }
+		} );
+	} );
+
+	// Ensure we don't process jQuery( x ) when x is a function
+	expectNoWarning( "ready function with attribute selector", function() {
 		try {
 			jQuery( function() {
 				if ( jQuery.thisIsNeverDefined ) {
@@ -114,6 +148,8 @@ test( "attribute selectors with naked '#'", function() {
 	});
 });
 
+}
+
 QUnit.test( "document.context defined (#178)", function( assert ) {
 	assert.expect( 1 );
 
diff --git a/warnings.md b/warnings.md
@@ -31,9 +31,10 @@ This is _not_ a warning, but a console log message the plugin shows when it firs
 
 **Solution**: Usually this warning is due to an error in the HTML string, where text is present when it should not be there. Remove the leading or trailing text before passing the string to `$.parseHTML()` if it should not be part of the collection. Alternatively you can use `$($.parseHTML(html)).filter("*")` to remove all top-level text nodes from the set and leave only elements.
 
-### JQMIGRATE: Attribute selectors with '#' must be quoted
+### JQMIGRATE: Attribute selector with '#' must be quoted
+### JQMIGRATE: Attribute selector with '#' was not fixed
 
-**Cause:** CSS selectors such as `a[href=#main]` are not valid CSS syntax because the value contains special characters that are not quoted. Until jQuery 1.11.3/2.1.4 this syntax was accepted, but the behavior is non-standard and was never documented. In later versions this selector throws an error. *In some rare cases Migrate may mis-diagnose this problem, so it does not attempt a repair.*
+**Cause:** Selectors such as `a[href=#main]` are not valid CSS syntax because the value contains special characters that are not quoted. Until jQuery 1.11.3/2.1.4 this was accepted, but the behavior is non-standard and was never documented. In later versions this selector throws an error. *In some cases with complex selectors, Migrate may not attempt a repair.* In those cases a fatal error will be logged on the console and you will need to fix the selector manually.
 
 **Solution**: Put quotes around any attribute values that have special characters, e.g. `a[href="#main"]`. The warning message contains the selector that caused the problem, use that to find the selector in the source files.
 
