Merge pull request #2 from igor-kulay/master

Bump jquery migrate to 1.2.1

Author: krishnasrihari

lib/jquery-migrate-rails/version.rb

@@ -1,7 +1,7 @@
 module Jquery
   module Migrate
     module Rails
-      VERSION = "1.1.1"
+      VERSION = "1.2.1"
     end
   end
 end

vendor/assets/javascripts/jquery-migrate-min.js

@@ -1,5 +1,5 @@
 /*!
- * jQuery Migrate - v1.1.1 - 2013-02-16
+ * jQuery Migrate - v1.2.1 - 2013-05-08
  * https://github.com/jquery/jquery-migrate
  * Copyright 2005, 2013 jQuery Foundation, Inc. and other contributors; Licensed MIT
  */
@@ -17,8 +17,8 @@ jQuery.migrateWarnings = [];
 // jQuery.migrateMute = false;
 
 // Show a message on the console so devs know we're active
-if ( !jQuery.migrateMute && window.console && console.log ) {
-	console.log("JQMIGRATE: Logging is active");
+if ( !jQuery.migrateMute && window.console && window.console.log ) {
+	window.console.log("JQMIGRATE: Logging is active");
 }
 
 // Set to false to disable traces that appear with warnings
@@ -33,10 +33,11 @@ jQuery.migrateReset = function() {
 };
 
 function migrateWarn( msg) {
+	var console = window.console;
 	if ( !warnedAbout[ msg ] ) {
 		warnedAbout[ msg ] = true;
 		jQuery.migrateWarnings.push( msg );
-		if ( window.console && console.warn && !jQuery.migrateMute ) {
+		if ( console && console.warn && !jQuery.migrateMute ) {
 			console.warn( "JQMIGRATE: " + msg );
 			if ( jQuery.migrateTrace && console.trace ) {
 				console.trace();
@@ -189,26 +190,35 @@ jQuery.attrHooks.value = {
 var matched, browser,
 	oldInit = jQuery.fn.init,
 	oldParseJSON = jQuery.parseJSON,
-	// Note this does NOT include the #9521 XSS fix from 1.7!
-	rquickExpr = /^(?:[^<]*(<[\w\W]+>)[^>]*|#([\w\-]*))$/;
+	// Note: XSS check is done below after string is trimmed
+	rquickExpr = /^([^<]*)(<[\w\W]+>)([^>]*)$/;
 
 // $(html) "looks like html" rule change
 jQuery.fn.init = function( selector, context, rootjQuery ) {
 	var match;
 
 	if ( selector && typeof selector === "string" && !jQuery.isPlainObject( context ) &&
-			(match = rquickExpr.exec( selector )) && match[1] ) {
+			(match = rquickExpr.exec( jQuery.trim( selector ) )) && match[ 0 ] ) {
 		// This is an HTML string according to the "old" rules; is it still?
 		if ( selector.charAt( 0 ) !== "<" ) {
 			migrateWarn("$(html) HTML strings must start with '<' character");
 		}
+		if ( match[ 3 ] ) {
+			migrateWarn("$(html) HTML text after last tag is ignored");
+		}
+		// Consistently reject any HTML-like string starting with a hash (#9521)
+		// Note that this may break jQuery 1.6.x code that otherwise would work.
+		if ( match[ 0 ].charAt( 0 ) === "#" ) {
+			migrateWarn("HTML string cannot start with a '#' character");
+			jQuery.error("JQMIGRATE: Invalid selector string (XSS)");
+		}
 		// Now process using loose rules; let pre-1.8 play too
 		if ( context && context.context ) {
 			// jQuery object as context; parseHTML expects a DOM object
 			context = context.context;
 		}
 		if ( jQuery.parseHTML ) {
-			return oldInit.call( this, jQuery.parseHTML( jQuery.trim(selector), context, true ),
+			return oldInit.call( this, jQuery.parseHTML( match[ 2 ], context, true ),
 					context, rootjQuery );
 		}
 	}
@@ -508,4 +518,4 @@ jQuery.each( ajaxEvents.split("|"),
 );
 
 
-})( jQuery, window );
+})( jQuery, window );