What’s New in jQuery 3.5.0? Security Fixes and Updated Methods Explained
jQuery 3.5.0 focuses on security fixes, removes a vulnerable regex from htmlPrefilter, offers a migration plugin to restore the old behavior, and introduces .even() and .odd() methods as replacements for the deprecated positional selectors.
jQuery 3.5.0 has been released, primarily addressing security issues.
The jQuery.htmlPrefilter method previously used a regular expression to ensure that closing tags complied with XHTML rules, e.g., converting jQuery("<div class='hot' />") to jQuery("<div class='hot'></div>"). Recent reports indicated that the regex could introduce XSS vulnerabilities, so the new version removes the regex from jQuery.htmlPrefilter.
Developers who still need the regex behavior can use the latest jQuery Migration plugin to restore the jQuery.htmlPrefilter functionality.
Additionally, because jQuery 4.0 will deprecate positional selectors, this release adds two replacement methods: .even() and .odd(), which substitute the :even and :odd selectors.
For full details, see the official release notes.
Signed-in readers can open the original source through BestHub's protected redirect.
This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contactand we will review it promptly.
21CTO
21CTO (21CTO.com) offers developers community, training, and services, making it your go‑to learning and service platform.
How this landed with the community
Was this worth your time?
0 Comments
Thoughtful readers leave field notes, pushback, and hard-won operational detail here.