diff options
-rw-r--r-- | usr/local/www/javascript/jquery.js | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/usr/local/www/javascript/jquery.js b/usr/local/www/javascript/jquery.js index e375a10..859a7b2 100644 --- a/usr/local/www/javascript/jquery.js +++ b/usr/local/www/javascript/jquery.js @@ -37,8 +37,8 @@ var jQuery = function( selector, context ) { rootjQuery, // A simple way to check for HTML strings or ID strings - // (both of which we optimize for) - quickExpr = /^(?:[^<]*(<[\w\W]+>)[^>]*$|#([\w\-]*)$)/, + // Prioritize #id over <tag> to avoid XSS via location.hash (#9521) + quickExpr = /^(?:[^#<]*(<[\w\W]+>)[^>]*$|#([\w\-]*)$)/, // Check if a string has a non-whitespace character in it rnotwhite = /\S/, |