
Commit 10f4357

committed
Core: Escape single quotes in names avoiding a Sizzle Error being thrown
When a name or ID contains single quotes, a Sizzle error will be thrown, so to avoid that, we have to escape all single quotes in that name or ID before using it.
1 parent d845a33 commit 10f4357


1 file changed

+8
-5
lines changed


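--- a/src/core.js
+++ b/src/core.js
@@ -803,7 +803,7 @@ $.extend( $.validator, {
 if ( error.is( "label" ) ) {
 // If the error is a label, then associate using 'for'
 error.attr( "for", elementID );
-} else if ( error.parents( "label[for='" + elementID + "']" ).length === 0 ) {
+} else if ( error.parents( "label[for='" + elementID.replace( /'/g, "\\'" ) + "']" ).length === 0 ) {
 // If the element is not a child of an associated label, then it's necessary
 // to explicitly apply aria-describedby
 
@@ -822,7 +822,7 @@ $.extend( $.validator, {
 if ( group ) {
 $.each( this.groups, function( name, testgroup ) {
 if ( testgroup === group ) {
-$( "[name='" + name + "']", this.currentForm )
+$( "[name='" + name.replace( /'/g, "\\'" ) + "']", this.currentForm )
 .attr( "aria-describedby", error.attr( "id" ) );
 }
 } );
@@ -841,14 +841,17 @@ $.extend( $.validator, {
 },
 
 errorsFor: function( element ) {
-var name = this.idOrName( element ),
+var name = this.idOrName( element ).replace( /'/g, "\\'" ),
 describer = $( element ).attr( "aria-describedby" ),
 selector = "label[for='" + name + "'], label[for='" + name + "'] *";
 
 // aria-describedby should directly reference the error element
 if ( describer ) {
-selector = selector + ", #" + describer.replace( /\s+/g, ", #" );
+selector = selector + ", #" + describer
+.replace( /'/g, "\\'" )
+.replace( /\s+/g, ", #" );
 }
+
 return this
 .errors()
 .filter( selector );
@@ -874,7 +877,7 @@ $.extend( $.validator, {
 },
 
 findByName: function( name ) {
-return $( this.currentForm ).find( "[name='" + name + "']" );
+return $( this.currentForm ).find( "[name='" + name.replace( /'/g, "\\'" ) + "']" );
 },
 
 getLength: function( value, element ) {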
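Review bot: Escaping only `'` is incomplete at all four sites (the `error.parents(...)` check, the group lookup inside `$.each`, `errorsFor`, `findByName`): a backslash already present in the name or ID is passed through, so a value ending in `\` still produces an unterminated string, and a value containing `\'` becomes `\\'`, which closes the quote early and lets the rest of the value be parsed as selector syntax. Escaping both characters in one pass avoids this, e.g. `.replace( /(['\\])/g, "\\$1" )`. In `errorsFor` the `describer` tokens are placed after `#` rather than inside quotes, so IDs containing `.`, `:`, `[` or `,` will still match the wrong elements or throw; that context needs the full CSS meta-character set escaped (or `$.escapeSelector` where the supported jQuery version provides it). Since the same expression is now repeated four times, a single helper with a short comment stating which selector context it is safe for would keep the sites consistent; the enclosing functions extend beyond the hunks shown, so other selector-building call sites may need the same treatment.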
