jQuery

jQuery 3.6.4 Released: Selector Forgiveness

Posted on by

If you’ve been following along with recent jQuery releases, we have been working on how to address the recent addition of some new selectors in browsers, especially :has. jQuery 3.6.3 settled on the strategy of using native CSS.supports to determined whether a selector should be passed directly to querySelectorAll or instead go through jQuery’s selector engine, as might be the case when using jQuery selector extensions, complex :not(), or other selectors that are valid in jQuery but not in the browser. That all technically worked fine, but came with a downside. Fortunately for us, the fix is no longer necessary and we can go back to the old way. More on that below.

As usual, the release is available on our cdn and the npm package manager. Other third party CDNs will probably have it soon as well, but remember that we don’t control their release schedules and they will need some time. Here are the highlights for jQuery 3.6.4.

The Difference Between What Is Right and What Is Allowed

Whenever you use a selector in CSS, or JS, there is more than one spec involved. There’s a spec to determine whether a selector is valid (i.e. Selectors) and there’s a spec to guide implementers in how a selector should be parsed (i.e. the parser algorithm for consuming a simple block). The parser implementation is more forgiving than the selector spec itself, to allow for things like attribute selectors missing the last ] character.

When we addressed an issue with some selectors that were being added to modern browsers—specifically :has—we started making use of another API available in most of our supported browsers—CSS.supports—to determine whether a selector could safely be passed to native querySelectorAll or whether it needed to go through jQuery’s selector engine. Selectors may need to bypass qSA for multiple reasons. It may be a jQuery-only selector extension (:contains), a standard selector that jQuery supports in a more robust way (:not(complex)), or a selector we know to be buggy sometimes (:enabled or :disabled). Whatever the reason, the introduction of “forgiving parsing” in selectors like :has made our previous way of determining that an issue because the browser would no longer throw errors for some truly invalid selectors. For instance, :has(:contains) no longer threw an error when passed to querySelectorAll. Neither did :has(:monkey) for that matter. CSS.supports seemed to be the answer.

And yet, every solution can have a trade-off. The problem now was that selectors that were technically invalid according to the Selectors spec were throwing errors. But these same selectors used to work fine because the parsers were more, for lack of a better term, forgiving. Essentially, CSS.supports is not as forgiving as the parser.

Meanwhile, in our discussions with spec writers and vendors, it was agreed that we needed to prevent issues similar to the one with :has from happening again in the future. What does that mean? It means we can go back to the old way . . . mostly. While the spec has been updated, browsers will need some time to update their implementations. And because of that, we still recommend upgrading jQuery to the latest version.

Upgrading

We do not expect compatibility issues when upgrading from a jQuery 3.0+ version. To upgrade, have a look at the new 3.5 Upgrade Guide. If you haven’t yet upgraded to jQuery 3+, first have a look at the 3.0 Upgrade Guide.

The jQuery Migrate plugin will help you to identify compatibility issues in your code. Please try out this new release and let us know about any issues you experienced.

If you can’t yet upgrade to 3.5+, Daniel Ruf has kindly provided patches for previous jQuery versions.

Download

You can get the files from the jQuery CDN, or link to them directly:

https://code.jquery.com/jquery-3.6.4.js

https://code.jquery.com/jquery-3.6.4.min.js

You can also get this release from npm:

npm install [email protected]

Slim build

Sometimes you don’t need ajax, or you prefer to use one of the many standalone libraries that focus on ajax requests. And often it is simpler to use a combination of CSS and class manipulation for web animations. Along with the regular version of jQuery that includes the ajax and effects modules, we’ve released a “slim” version that excludes these modules. The size of jQuery is very rarely a load performance concern these days, but the slim build is about 6k gzipped bytes smaller than the regular version. These files are also available in the npm package and on the CDN:

https://code.jquery.com/jquery-3.6.4.slim.js

https://code.jquery.com/jquery-3.6.4.slim.min.js

These updates are already available as the current versions on npm and Bower. Information on all the ways to get jQuery is available at https://jquery.com/download/. Public CDNs receive their copies today, please give them a few days to post the files. If you’re anxious to get a quick start, use the files on our CDN until they have a chance to update.

Thanks

Thank you to all of you who participated in this release by submitting patches, reporting bugs, or testing, including Michal Golebiowski-Owczarek and the whole jQuery team.

We’re on Mastodon!

jQuery now has its very own Mastodon account. We will be cross posting to both Twitter and Mastodon from now on. Also, you may be interested in following some of our team members that have Mastodon accounts.

jQuery: https://social.lfx.dev/@jquery

mgol: https://hachyderm.io/@mgol

timmywil: https://hachyderm.io/@timmywil

Changelog

Full changelog: 3.6.4

Build

  • Update Sizzle from 2.3.9 to 2.3.10 (#5194, dbe09e39)
  • Updating the 3.6-stable version to 3.6.4-pre. (a0d68b84)
jQuery

jQuery 3.6.3 Released: A Quick Selector Fix

Posted on by

Last week, we released jQuery 3.6.2. There were several changes in that release, but the most important one addressed an issue with some new selectors introduced in most browsers, like :has(). We wanted to release jQuery 3.6.3 quickly because an issue was reported that revealed a problem with our original fix. More details on that below.

As usual, the release is available on our cdn and the npm package manager. Other third party CDNs will probably have it soon as well, but remember that we don’t control their release schedules and they will need some time. Here are the highlights for jQuery 3.6.3.

Using CSS.supports the right way

After the issue with :has that was fixed in jQuery 3.6.2, we started using CSS.supports( "selector(SELECTOR)") to determine whether a selector would be valid if passed directly to querySelectorAll. When CSS.supports returned false, jQuery would then fall back to its own selector engine (Sizzle). Apparently, our implementation had a bug. In CSS.supports( "selector(SELECTOR)"), SELECTOR needed to be a <complex-selector> and not a <complex-selector-list>. For example:

CSS.supports("selector(div)"); // true
CSS.supports("selector(div, span)"); // false

This meant that all complex selector lists were passed through Sizzle instead of querySelectorAll. That’s not necessarily a problem in most cases, but it does mean that some level 4 selectors that were supported in browsers but not in Sizzle, like :valid, no longer worked if it was part of a selector list (e.g. "input:valid, div"). It should be noted this currently only affects Firefox, but it will be true in all browsers as they roll out changes to CSS.supports.

This has now been fixed in jQuery 3.6.3 and it is the only functional change in this release.

Upgrading

We do not expect compatibility issues when upgrading from a jQuery 3.0+ version. To upgrade, have a look at the new 3.5 Upgrade Guide. If you haven’t yet upgraded to jQuery 3+, first have a look at the 3.0 Upgrade Guide.

The jQuery Migrate plugin will help you to identify compatibility issues in your code. Please try out this new release and let us know about any issues you experienced.

If you can’t yet upgrade to 3.5+, Daniel Ruf has kindly provided patches for previous jQuery versions.

Download

You can get the files from the jQuery CDN, or link to them directly:

https://code.jquery.com/jquery-3.6.3.js

https://code.jquery.com/jquery-3.6.3.min.js

You can also get this release from npm:

npm install [email protected]

Slim build

Sometimes you don’t need ajax, or you prefer to use one of the many standalone libraries that focus on ajax requests. And often it is simpler to use a combination of CSS and class manipulation for web animations. Along with the regular version of jQuery that includes the ajax and effects modules, we’ve released a “slim” version that excludes these modules. The size of jQuery is very rarely a load performance concern these days, but the slim build is about 6k gzipped bytes smaller than the regular version. These files are also available in the npm package and on the CDN:

https://code.jquery.com/jquery-3.6.3.slim.js

https://code.jquery.com/jquery-3.6.3.slim.min.js

These updates are already available as the current versions on npm and Bower. Information on all the ways to get jQuery is available at https://jquery.com/download/. Public CDNs receive their copies today, please give them a few days to post the files. If you’re anxious to get a quick start, use the files on our CDN until they have a chance to update.

Thanks

Thank you to all of you who participated in this release by submitting patches, reporting bugs, or testing, including Michal Golebiowski-Owczarek and the whole jQuery team.

Changelog

Full changelog: 3.6.3

Build

  • remove stale Insight package from custom builds (81d5bd17)
  • Updating the 3.x-stable version to 3.6.3-pre. (2c5b47c4)

Selector

jQuery

jQuery 3.6.2 Released!

Posted on by

You probably weren’t expecting another release so soon, but jQuery 3.6.2 has arrived! The main impetus for this release was the introduction of some new selectors in Chrome. More on that below.

As usual, the release is available on our cdn and the npm package manager. Other third party CDNs will probably have it soon as well, but remember that we don’t control their release schedules and they will need some time. Here are the highlights for jQuery 3.6.2.

undefined and whitespace-only CSS variables

jQuery 3.6.1 introduced a minor regression where attempting to retrieve a value for a custom CSS property that didn’t exist (i.e. $elem.css("--custom")) threw an error instead of returning undefined. This has been fixed in 3.6.2. Related to that, we also made sure that whitespace-only values return the same thing across all browsers. The spec requires that CSS variable values be trimmed, but browsers are inconsistent in their trimming. We now return undefined for whitespace-only values to make it consistent with older jQuery and across the different browsers.

.contains() with <template>

An issue was recently reported that showed that a <template>‘s document had its documentElement property set to null, in compliance with the spec. While it made sense semantically for a template to not yet be tied to a document, it made for an unusual case, specifically in jQuery.contains() and any methods relying on it. That included manipulation and selector methods. Fortunately, the fix was simple.

It wasn’t Ralph that broke the internet

The internet experienced a bit of a rumble when Chrome recently introduced some new selectors, the most pertinent of which being :has(). It was a welcome addition, and one celebrated by the jQuery team, but a change to the spec meant that :has() used what’s called “forgiving parsing”. Essentially, even if the arguments for :has() were invalid, the browser returned no results instead of throwing an error. That was problematic in cases where :has() contained another jQuery selector extension (e.g. :has(:contains("Item"))) or contained itself (:has(div:has(a))). Sizzle relied on errors like that to know when to trust native querySelectorAll and when to run the selector through Sizzle. Selectors that used to work were broken in all jQuery versions dating back to the earliest jQuery versions.

And yet, this little drama didn’t last long. The Chrome team quickly implemented a workaround to fix previous jQuery versions in the vast majority of cases. Safari handled their implementation of :has() a little differently and didn’t have the same problem. But, there’s still an important issue open to determine how to address this in the CSS spec itself. The CSSWG has since resolved the issue.

jQuery has taken steps to ensure that any forgiving parsing doesn’t break future jQuery versions, even if previous jQuery versions would still be affected.

Upgrading

We do not expect compatibility issues when upgrading from a jQuery 3.0+ version. To upgrade, have a look at the new 3.5 Upgrade Guide. If you haven’t yet upgraded to jQuery 3+, first have a look at the 3.0 Upgrade Guide.

The jQuery Migrate plugin will help you to identify compatibility issues in your code. Please try out this new release and let us know about any issues you experienced.

If you can’t yet upgrade to 3.5+, Daniel Ruf has kindly provided patches for previous jQuery versions.

Download

You can get the files from the jQuery CDN, or link to them directly:

https://code.jquery.com/jquery-3.6.2.js

https://code.jquery.com/jquery-3.6.2.min.js

You can also get this release from npm:

npm install [email protected]

Slim build

Sometimes you don’t need ajax, or you prefer to use one of the many standalone libraries that focus on ajax requests. And often it is simpler to use a combination of CSS and class manipulation for web animations. Along with the regular version of jQuery that includes the ajax and effects modules, we’ve released a “slim” version that excludes these modules. The size of jQuery is very rarely a load performance concern these days, but the slim build is about 6k gzipped bytes smaller than the regular version. These files are also available in the npm package and on the CDN:

https://code.jquery.com/jquery-3.6.2.slim.js

https://code.jquery.com/jquery-3.6.2.slim.min.js

These updates are already available as the current versions on npm and Bower. Information on all the ways to get jQuery is available at https://jquery.com/download/. Public CDNs receive their copies today, please give them a few days to post the files. If you’re anxious to get a quick start, use the files on our CDN until they have a chance to update.

Thanks

Thank you to all of you who participated in this release by submitting patches, reporting bugs, or testing, including sashashura, Anders Kaseorg, Michal Golebiowski-Owczarek, and the whole jQuery team.

Changelog

Full changelog: 3.6.2

CSS

  • Return undefined for whitespace-only CSS variable values (#5120) (8bea1dec)
  • Don’t trim whitespace of undefined custom property (#5105, c0db6d70)

Selector

Tests

  • Remove a workaround for a Firefox XML parsing issue (965391ab)
  • Make Ajax tests pass in iOS 9 (d051e0e3)
jQuery

jQuery 3.6.1 Maintenance Release

Posted on by

jQuery 3.6.1 has been released! It’s been a while since our previous release. We were looking at fixing some elusive edge cases related to focus and blur, but we never quite got the fix right. If there’s any area of jQuery that’s hard to change, it’s likely related to focus somehow. We’re leaving those as-is for now and will address them in the future, especially since the changes may end up warranting a major version release. See gh-4856 and gh-4950 for more details.

That said, this release still comes with some important fixes, detailed below.

As usual, the release is available on our cdn and the npm package manager. Other third party CDNs will probably have it soon as well, but remember that we don’t control their release schedules and they will need some time. Here are the highlights for jQuery 3.6.1:

Infrastructure Improvements

We’ve done a lot of work in this release to update some of our testing and build infrastructure, including migrating CI from Travis CI to GitHub Actions, testing on Node 16 instead of Node 15, loading our testing listener over https, and adding more accurate testing for custom builds. We also removed some old links from comments in some files in the repo. These links were to URLs that have since been compromised. While these files were never distributed in a release, they still existed in the GitHub source and have been removed.

Not losing focus

There’s still one fix related to focus in this release. Our special event handling for focus remained attached even after jQuery focus handlers were removed, which broke any subsequent manual focus triggers. For example,

$elem.on("focus", function() {}).off("focus").trigger("focus");

would not trigger focus.

Skipping falsey in addClass( array )

Without any size increase, we added support for skipping over any falsey values in an array passed to addClass or removeClass.

This makes code like:

elem.addClass( [ "a", "", "b" ] );

add both the a & b classes.

Aligning with the spec for custom CSS property values

A change to the CSS spec requires that custom properties be trimmed. Whitespace is now trimmed for custom CSS property values. Before, something like --prop: value ; would retain the leading and trailing spaces in the value, returning ” value “.

Appending scripts with HTML comments

An issue was discovered with our regex that strips HTML comments from scripts when they are appended, which ended up removing parts of the executable script in certain edge cases. Fortunately, our fix was to rely more on the browsers, but we still need to strip CDATA sections for IE in the 3.x branch. That will be removed in 4.0.

A performance boost for jQuery.trim

While jQuery.trim has already been removed on the main branch in favor of native String#trim in preparation for the next major release, it’s still needed on the 3.x branch for some browsers that branch supports, such as Android 4.0. There were certain edge cases that were incredibly slow due to the structure of our regex. That has since been changed and the speed-up is significant.

Upgrading

We do not expect compatibility issues when upgrading from a jQuery 3.0+ version. To upgrade, have a look at the new 3.5 Upgrade Guide. If you haven’t yet upgraded to jQuery 3+, first have a look at the 3.0 Upgrade Guide.

The jQuery Migrate plugin will help you to identify compatibility issues in your code. Please try out this new release and let us know about any issues you experienced.

If you can’t yet upgrade to 3.5+, Daniel Ruf has kindly provided patches for previous jQuery versions.

Download

You can get the files from the jQuery CDN, or link to them directly:

https://code.jquery.com/jquery-3.6.1.js

https://code.jquery.com/jquery-3.6.1.min.js

You can also get this release from npm:

npm install [email protected]

Slim build

Sometimes you don’t need ajax, or you prefer to use one of the many standalone libraries that focus on ajax requests. And often it is simpler to use a combination of CSS and class manipulation for web animations. Along with the regular version of jQuery that includes the ajax and effects modules, we’ve released a “slim” version that excludes these modules. The size of jQuery is very rarely a load performance concern these days, but the slim build is about 6k gzipped bytes smaller than the regular version. These files are also available in the npm package and on the CDN:

https://code.jquery.com/jquery-3.6.1.slim.js

https://code.jquery.com/jquery-3.6.1.slim.min.js

These updates are already available as the current versions on npm and Bower. Information on all the ways to get jQuery is available at https://jquery.com/download/. Public CDNs receive their copies today, please give them a few days to post the files. If you’re anxious to get a quick start, use the files on our CDN until they have a chance to update.

Thanks

Thank you to all of you who participated in this release by submitting patches, reporting bugs, or testing, including fecore1, Richard Gibson, Simon Legner, Michal Golebiowski-Owczarek, Vladimir Sitnikov, Timo Tijhof, Christian Oliff, ygj6, and the whole jQuery team.

Changelog

Full changelog: 3.6.1

CSS

  • Skip falsy values in `addClass( array )`, compress code (#4998, 9b34bdb1)
  • Justify use of rtrim on CSS property values (a1373e2e)
  • Remove a redundant extension from rtrimCSS inclusion in curCSS (509eeb89)
  • Trim whitespace surrounding CSS Custom Properties values (#4926, 219ccf5c)

Deprecated

  • Improve $.trim performance for strings with lots of whitespace (69940100)

Docs

  • Update webpack website in README (410d5cf0)
  • add link to preview the new CLAs (b24e83bd)
  • Replace `#NUMBER` Trac issue references with `trac-NUMBER` (95e34b69)
  • remove expired links from old jquery source (c3c4d207)
  • Remove links to Web Archive from source (#4981, 4b0d8900)
  • Update the URL to the latest jQuery build in CONTRIBUTING.md (4bb7d069)
  • Remove the CLA checkbox in the pull request template (93406490)

Event

  • Don’t break focus triggering after `.on(focus).off(focus)` (#4867, b3e4a7eb)

Manipulation

Tests

  • Exclude tests based on compilation flags, not API presence (3.x version) (#5069, bc165128)
  • Workaround an XML parsing bug in Firefox (be3bd560)
  • lock colors version to 1.4.0 (fa70e8fd)
  • Skip ETag AJAX tests on TestSwarm (81fa1e2a)
  • Allow statusText to be “success” in AJAX tests (7439e221)
  • Disable CSS Custom Properties tests in old Safari/iOS (e9f77267)
  • Make Karma browser timeout larger than the QUnit one (a51eec74)
  • Don’t remove csp.log in the cspClean action of mock.php (ba81326f)
  • Load the TestSwarm listener via HTTPS (f6f07204)
  • Switch background image from online file to local 1×1.jpg (8d20cb97)
  • Strip untypical callback parameter characters from mock.php (b14b62c8)

Infrastructure

  • Update GitHub Actions (0f6c3d9e)
  • Add dependabot.yml config (GitHub Actions) (5a363017)
  • Test on Node 17, update Grunt & `karma-*` packages (9bc0df70)
  • Separate the install step from running tests in GitHub Actions (cb35067f)
  • remove travis.yml and travis mentions from core (#4984) (55669883)
  • Migrate CI to GitHub Actions (b39cfa15)
  • Test on Node.js 16 instead of 15 (f12cac60)
  • Take core-js from the external directory as well (752b8981)
  • Updating the 3.x-stable version to 3.6.1-pre. (3642471e)
Uncategorized

jQuery maintainers continue modernization initiative with deprecation of jQuery Mobile

Posted on by

By: Michal Golebiowski-Owczarek, Felix Nagel, and the jQuery team

Editor’s Note: the following blog post was originally published to the OpenJS Foundation Blog.

jQuery maintainers are continuing to modernize its overall project that still is one of the most widely deployed JavaScript libraries today. The team announced that the cross-platform jQuery Mobile project under its umbrella will be fully deprecated as of October 7, 2021. New technologies for mobile app development have evolved since this project was launched in 2010, so we’re encouraging developers to plan for this jQuery Mobile transition.

Please note that:

  • The Download Builder will remain available.
  • Mobile 1.4 is not compatible with the new jQuery Core.
  • Issues will be turned off. Please report critical security bugs via email to [email protected] 

Celebrating jQuery Mobile’s History

jQuery Mobile was conceived and announced in 2010, three years after the launch of jQuery.  The project was exciting and ambitious. At announcement, jQuery Mobile promised compatibility across multiple platforms, browsers, and versions. Several mobile browser vendors, including Palm and Mozilla, signed on to sponsor the project: 


“The jQuery community has focused on making the Web as productive and fun as possible. When we heard the mission behind jQuery Mobile, we wanted to help. With webOS we have shown that the Web platform is fantastic for developers, so we are excited to help make jQuery Mobile as good as it can be.” -Dion Almaer – Palm

At the time, the mobile web was desperately in need of a framework capable of working across all browsers, allowing developers to build truly mobile web applications. jQuery had already changed the way developers were building on the web, making it easier (and faster) to create secure, compliant applications. 

With jQuery Mobile, the project’s goals were to bring the ease-of-use of jQuery to HTML-capable mobile device browsers and to make it easier for developers to build progressively enhanced web applications. Led by Todd Parker of Filament Group, a development studio known for their work on cross platform and accessibility-first applications, jQuery Mobile launched its alpha release in October 2010. 

Alpha features included several components, layouts and theming tools that simplified the process of building a mobile web application. Progressive enhancement and graceful degradation, which were hot (and tricky) topics in web development at the time, featured heavily: jQuery Mobile promised developers and users the best possible experience their platform could handle. Accessibility was another key feature, with Mobile promising a user experience that could be navigated by touch, keyboard, or screen reader via ARIA compatible components. Additional features such as simplicity, file size, and the ability to deploy jQuery Mobile applications through an app store drove further excitement. 

Over the next year, the jQuery Mobile team continued to add compatible platforms and browsers, new components and themes, and eventually a themeroller tool that allowed developers to configure and download themes without writing any CSS. 

The community response was overwhelming – by the time 1.0 was released in November 2011, jQuery Mobile had gathered over 125 contributors, dozens of articles, tutorials and demos, 8 published books, and a gallery of sites, plugins and extensions to welcome and introduce new developers to the project. 

jQuery Mobile continued to make monthly releases throughout 2012 and 2013, regularly adding and improving components, resolving compatibility issues with mobile browsers, and making performance improvements to speed up page rendering times. The development team also continued to prioritize and highlight the importance of responsive web design and accessibility principles with each new release. 

As the number of components and widgets swelled – both those that were officially supported or widely adopted in the community, performance and compatibility issues with mobile platforms, browsers, and jQuery core were also exacerbated. Though the project did have some automated tests, there were still a number of items that needed to be tested manually, which slowed down the development process. 

In mid 2013, Jasper de Groot became the project lead and announced tighter development collaboration between jQuery UI and jQuery Mobile teams, sharing goals, roadmaps and code in order to ease the workload for both groups. The team continued to provide maintenance releases and support, but progress continued to slow under the burden of testing and supporting such a large community. 

Alex Schmitz took over the lead in July 2014, but by that time the size of the project, combined with the pace and availability of new mobile browser features, made finding a viable path forward for the project increasingly difficult. 

The latest stable version was released October 2014. Alex and team made a big push to update jQuery Mobile again in 2017 with the release of an alpha version of 1.5; this version would see compatibility with jQuery 3.0 and npm support among other things.

jQuery Mobile became an OpenJS Foundation Emeritus project in 2018, signifying that the goals of the project had been achieved.

jQuery modernization initiative

The depreciation of jQuery mobile follows the careful transition of another project under the jQuery project umbrella, jQuery UI.

jQuery Core is still actively maintained and widely implemented. As part of its modernization initiative, the team also has been making a series of updates this year to its infrastructure, including migrating and improving its CDN.

Celebrating jQuery Mobile Maintainers and Contributors

The contributions to jQuery Mobile opened up opportunities for people and organizations around the world, and we are thankful for all the contributions over the years. We would like to give an extra shout out of gratitude to the past maintainers of jQuery Mobile: Alexander Schmitz, Jasper de Groot, and Todd Parker.

jQuery UI

jQuery maintainers update and transition jQuery UI as part of overall modernization efforts

Posted on by

By: Michal Golebiowski-Owczarek, Felix Nagel, and the jQuery team

Editor’s Note: the following blog post was originally published to the OpenJS Foundation Blog.

The jQuery project is actively maintained and widely implemented — it’s used by 73% of 10 million most popular websites. As part of its ongoing effort to modernize the project, jQuery maintainers have taken steps to wind down one of its projects under the jQuery umbrella through a careful transition. 

Today, jQuery UI announced version 1.13 — its first release in 5 years and the project’s final planned release. Perhaps the most important update is that jQuery UI 1.13 now runs on the latest version of jQuery Core, providing a number of browser compatibility and security updates that have been missing from previous releases, in addition to community fixes and improvements. The jQuery UI Download Builder has also been restored and updated so developers can continue to download UI along with their favorite themes. The release is part of an ongoing series of updates across all jQuery projects.

jQuery UI is in maintenance-only mode. Users should not expect any new releases, though patches may be issued to resolve critical security, interoperability, or regression bugs. Trac, the project’s bug-tracking tool, has been put in read-only mode and developers are asked to file any critical issues on the project’s GitHub repository

jQuery UI was first launched in September 2007 as a curated set of user interface interactions, effects, widgets, and themes built on top of the jQuery library. It quickly gained popularity because it was one of the best tested and most accessible UI frameworks of its time. The tool helped developers build UI components such as form controls and date pickers using the best practices back then. In its heyday, jQuery UI was adopted by a broad set of enterprises including Pinterest, PayPal, IMDB, Huffington Post, and Netflix. 

Today, jQuery UI continues to be an important testbed for jQuery Core updates, helping the maintainer team spot bugs and interoperability issues that arise as the web platform evolves. 

Celebrating jQuery UI’s History

With the launch of jQuery in 2006, web developers were able to access and manipulate DOM and CSS faster and easier than ever before. Thousands of open source jQuery widgets and plugins were created to handle previously tricky problems, like showing and hiding elements, rotating through image carousels, or picking dates on a calendar. The jQuery ecosystem became a playground full of tools for making new and interesting interactions possible on the web. 

‘New and interesting’ doesn’t always translate to ‘good and useful’ — though there were many good plugins available, it was not always easy to tell which would be the most performant or provide the best user experience. Developers might have to go searching for the right tools or worse, spend significant time swapping through several plugins to figure out which one worked best. Further, there were few examples of best practices in user experience on the web, so visitors to one website could have vastly different (and thus confusing) interactions when they performed a similar task on another website. 

Members of the jQuery Core team wanted to help developers write performant, high-quality, and reusable jQuery components for their sites and applications. After some discussion, the idea for a second library with strict standards for coding, documentation, and theming was born. The project’s vision and goals included: developing a collaborative design process; providing flexible styling and themes; creating elegant visual and interaction design; providing a robust API; and prioritizing progressive enhancement, accessibility, internationalization and localization support.

In September 2007, jQuery UI officially launched as a set of user interface interactions, effects, widgets, and themes built on top of jQuery. Soon after, the team shifted their focus to provide a full set of APIs and methods to allow developers to create flexible, full-featured widgets that met high standards of quality. CSS effects such as easing and animation were added in and helped developers create more modern, enhanced experiences. The team at Filament Group later added a ThemeRoller, allowing developers to get started quickly by providing customizable theme boilerplate. ThemeRoller is still operational today.  

By the end of 2008, jQuery UI had an exploding community of users, developers, and interaction designers regularly providing updates and improvements to the project as best practices and style preferences evolved. Between 2009 and 2016, the community provided a variety of new official and unofficial themes and plugins, interoperability and other bug fixes, robust testing processes, and support for multiple versions of jQuery. 

jQuery UI’s prior official release came in September 2016, nearly a decade after it started. In that timeframe, the jQuery community had helped inspire dozens of other open source projects, pattern and component libraries. But newer CSS frameworks and approaches were taking hold, and slowly the community moved on to other projects. The UI team and jQuery Mobile teams merged, and the group focused more on maintenance and compatibility with jQuery Core.  

jQuery UI became an OpenJS Foundation Emeritus project in 2018, recognizing that it was winding down while noting the significance it had for the JavaScript ecosystem.

Celebrating jQuery UI Maintainers and Contributors

The scope of the project and the inclusiveness of the community was responsible for helping countless web makers develop a love and appreciation for user experience, localization, internationalization, accessibility, and clean, reusable code. Though many hours of work and contribution went into making jQuery UI a successful library, the jQuery UI core team deserves extra recognition for more than a decade of hard work shepherding the work and the community throughout the project’s lifecycle. Alex Schmitz, Jörn Zaefferer, Felix Nagel, Mike Sherov, Rafael Xavier de Souza, and Scott González led a team of many core contributors and more than 300 additional authors.

Additional gratitude is owed to Micha? Go??biowski-Owczarek for preparing the 1.13 release and stewarding the repository for the past year. 

OpenJS Foundation will forever be grateful for the work of these open source developers and the impact they had on the ecosystem through their work. Please join us in celebrating these developers and jQuery UI!

jQuery

jQuery project updates addressing temporary CDN issues

Posted on by

As part of its ongoing infrastructure updates, the jQuery infrastructure team is making configuration and deployment changes to address intermittent outages reported by some users. The issue is the result of faulty IP allowlisting which affects users downloading jQuery project assets from certain IP addresses.

This issue is expected to be resolved in the next few weeks. In the interim, users can mitigate the issue by downloading and serving the files they need.

CDN migration is part of a package of infrastructure improvement projects the project has been undertaking this year. The infrastructure team plans to provide a full overview of these improvements, which will help support the long-term maintenance of jQuery and its related projects, later this summer.

jQuery continues to be a widely-used open source project with active maintainers. While many sites host jQuery locally, others rely upon the jQuery CDN to deliver the library on demand. On average, the jQuery CDN delivers over 2 petabytes of code per month. The project is hosted at the OpenJS Foundation, the vendor-neutral organization to grow and sustain the JavaScript and web ecosystem.

jQuery

jQuery 3.6.0 Released!

Posted on by

jQuery 3.6.0 has been released! In jQuery 3.5.0, the major change was a security fix for the html prefilter. This release does not include a security fix, but does have some good bug fixes and improvements. We still have our eyes on a jQuery 4.0 release, but until then we will continue to support the 3.x branch and address important issues.

As usual, the release is available on our cdn and the npm package manager. Other third party CDNs will probably have it soon as well, but remember that we don’t control their release schedules and they will need some time. Here are the highlights for jQuery 3.6.0:

Returning JSON even for JSONP errors

You may have guessed from the minor version that a feature snuck into this release. In previous versions, when a JSONP request responded with an error, often the response was still an executable script. We’ve changed the default behavior to try and execute the response in this situation. Normal scripts will still be skipped when an error is encountered. See gh-4771 for more information.

Fixes

One bug worth highlighting has to do with redirecting focus to another element in a focus handler. Take this example where a focus handler is triggered inside another focus handler:

elem1.on( "focus", function() {
  elem2.trigger( "focus" );
} );

Due to their synchronous nature everywhere outside of IE, a fix added in 3.4.0 to leverage native events caused the native .focus() method to be called last for the initial element, making it steal the focus back. While the code continues to leverage native focus and blur events, we were able to fix this by aligning even more with native methods and only propagating the last focus event up the DOM tree.

Other bug fixes and improvements include a fix for retrieving dimensions on table rows in Firefox, a fix for a crash in Chrome when a focusout event was triggered on a removed element, several improvements to some tests, and more. You’ll find the full changelog below.

Upgrading

Aside from the change to no longer ensure XHTML-compliant tags for you, we do not expect other compatibility issues when upgrading from a jQuery 3.0+ version. To upgrade, have a look at the new 3.5 Upgrade Guide. If you haven’t yet upgraded to jQuery 3+, first have a look at the 3.0 Upgrade Guide.

The jQuery Migrate plugin will help you to identify compatibility issues in your code. Please try out this new release and let us know about any issues you experienced.

If you can’t yet upgrade to 3.5+, Daniel Ruf has kindly provided patches for previous jQuery versions.

Download

You can get the files from the jQuery CDN, or link to them directly:

https://code.jquery.com/jquery-3.6.0.js

https://code.jquery.com/jquery-3.6.0.min.js

You can also get this release from npm:

npm install [email protected]

Slim build

Sometimes you don’t need ajax, or you prefer to use one of the many standalone libraries that focus on ajax requests. And often it is simpler to use a combination of CSS and class manipulation for web animations. Along with the regular version of jQuery that includes the ajax and effects modules, we’ve released a “slim” version that excludes these modules. The size of jQuery is very rarely a load performance concern these days, but the slim build is about 6k gzipped bytes smaller than the regular version. These files are also available in the npm package and on the CDN:

https://code.jquery.com/jquery-3.6.0.slim.js

https://code.jquery.com/jquery-3.6.0.slim.min.js

These updates are already available as the current versions on npm and Bower. Information on all the ways to get jQuery is available at https://jquery.com/download/. Public CDNs receive their copies today, please give them a few days to post the files. If you’re anxious to get a quick start, use the files on our CDN until they have a chance to update.

Thanks

Thank you to all of you who participated in this release by submitting patches, reporting bugs, or testing, including Dallas Fraser, Michal Golebiowski-Owczarek, Wonseop Kim, Wonhyoung Park, Beatriz Rezener, Natalia Sroka, and the whole jQuery team.

Changelog

Full changelog: 3.6.0

Ajax

Core

Deferred

Dimensions

  • Modify reliableTrDimensions support test to account for FF (#4529, bcd40aa7)

Docs

  • Change JS Foundation mentions to OpenJS Foundation (db43ef0b)

Event

Selector

Support

  • ensure display is set to block for the support div (#4844) (#4832, f8bdb127)

Tests

  • Fix tests for not auto-executing scripts without dataType (7298e04f)
  • Skip the jQuery.parseXML error reporting test in Legacy Edge (bf06dd47)
  • Fix the jQuery.parseXML error reporting test (1ec36332)
  • Recognize callbacks with dots in the Node.js mock server (4c572a7f)
  • Skip the “jQuery.ajax() on unload” test in Safari (4f016c64)
  • Remove an unused local variable (beea433d)
  • Remove remaining obsolete jQuery.cache references (5e028c76)
  • Remove obsolete jQuery data tests (8ad78cdb)
jQuery

jQuery 3.5.1 Released: Fixing a Regression

Posted on by

I’ve never gotten to say this on a jQuery release, but May the 4th be with you! A short time ago in a galaxy exactly like this one, we released jQuery 3.5.0. We have a quick fix for a regression in that release.

Specifically, we had changed our internal data object to use Object.create( null ) instead of a plain object ({}). We did that to prevent collisions with keys on Object.prototype properties. However, this also meant that users (especially plugins) could no longer check what was in jQuery data with the native .hasOwnProperty() method, and it broke some code. We’ve reverted that change, but plan to put it back in jQuery 4.0. This change is the only code change in this release. Other changes include some minor updates to our docs and build system.

Security fixes in 3.5.0

jQuery 3.5.0 included fixes for two security issues in jQuery’s DOM manipulation methods, as in .html(), .append(), and the others. Security advisories for both of these issues have been published on GitHub. While we provided all of the details on the first issue in the jQuery 3.5.0 blog post, we did not provide all of the details on the second and would like to do that in this post.

The second issue was very similar to the first. It was an XSS vulnerability that had to do with passing <option> elements to jQuery’s DOM manipulation methods. Essentially, we’re using a regex to wrap <option> elements with <select> elements to ensure those elements get parsed correctly in old IE (IE <= 9 replaces any <option> tags with their contents when inserted outside of a <select> element).

Our fix is to only apply this code where it is needed. Fortunately, because of the different parsing behavior in IE9, we can keep the fix in IE9 without exposing it to the same vulnerability as other browsers. Please upgrade when you get a chance to avoid these vulnerabilities.

Upgrading

If you haven’t yet upgraded to jQuery 3.5, have a look at the 3.5 Upgrade Guide. If you haven’t yet upgraded to jQuery 3+, first have a look at the 3.0 Upgrade Guide. Also, the jQuery Migrate plugin will help you to identify compatibility issues in your code.

If you can’t yet upgrade to 3.5+, Daniel Ruf has kindly provided patches for previous jQuery versions. Please try out this new release and let us know about any issues you experienced.

Download

You can get the files from the jQuery CDN, or link to them directly:

https://code.jquery.com/jquery-3.5.1.js

https://code.jquery.com/jquery-3.5.1.min.js

You can also get this release from npm:

npm install [email protected]

Slim build

Sometimes you don’t need ajax, or you prefer to use one of the many standalone libraries that focus on ajax requests. And often it is simpler to use a combination of CSS and class manipulation for web animations. Along with the regular version of jQuery that includes the ajax and effects modules, we’ve released a “slim” version that excludes these modules. The size of jQuery is very rarely a load performance concern these days, but the slim build is about 6k gzipped bytes smaller than the regular version. These files are also available in the npm package and on the CDN:

https://code.jquery.com/jquery-3.5.1.slim.js

https://code.jquery.com/jquery-3.5.1.slim.min.js

These updates are already available as the current versions on npm and Bower. Information on all the ways to get jQuery is available at https://jquery.com/download/. Public CDNs receive their copies today, please give them a few days to post the files. If you’re anxious to get a quick start, use the files on our CDN until they have a chance to update.

Thanks

Thank you to all of you who participated in this release by submitting patches, reporting bugs, or testing, including Pierre Grimaud, Michal Golebiowski-Owczarek, Ed S, vanillajonathan, and the whole jQuery team.

Changelog

Full changelog: 3.5.1

Build

  • Test on Node.js 14, stop testing on Node.js 8 & 13 (205dd134)
  • Enable reportUnusedDisableDirectives in ESLint (b21d6710)
  • Updating the 3.x-stable version to 3.5.1-pre. (898784ab)

Data

Docs

Tests

  • Workaround failures in recent XSS tests in iOS 8 – 12 (ea2d0d50)
  • Add tests for recently fixed manipulation XSS issues (58a8e879)
  • Cleanup `window` & `document` handlers in a new event test (c1c0598d)
  • Fix flakiness in the “jQuery.ajax() – JSONP – Same Domain” test (46ba70c5)
jQuery

jQuery 3.5.0 Released!

Posted on by

jQuery 3.5.0 has been released! As usual, the release is available on our cdn and the npm package manager. Other third party CDNs will probably have it soon as well, but remember that we don’t control their release schedules and they will need some time.

We hope you’re staying healthy and safe while so many of us are stuck at home. With a virus ravaging the planet, we realize that jQuery may not be a high priority for you or the sites you manage. When you do have a moment, we recommend that you review this new version and upgrade.

Security Fix

The main change in this release is a security fix, and it’s possible you will need to change your own code to adapt. Here’s why: jQuery used a regex in its jQuery.htmlPrefilter method to ensure that all closing tags were XHTML-compliant when passed to methods. For example, this prefilter ensured that a call like jQuery("<div class='hot' />") is actually converted to jQuery("<div class='hot'></div>"). Recently, an issue was reported that demonstrated the regex could introduce a cross-site scripting (XSS) vulnerability.

The HTML parser in jQuery <=3.4.1 usually did the right thing, but there were edge cases where parsing would have unintended consequences. The jQuery team agreed it was necessary to fix this in a minor release, even though some code relies on the previous behavior and may break. The jQuery.htmlPrefilter function does not use a regex in 3.5.0 and passes the string through unchanged.

If you absolutely need the old behavior, using the latest version of the jQuery migrate plugin provides a function to restore the old jQuery.htmlPrefilter. After including the plugin you can call jQuery.UNSAFE_restoreLegacyHtmlPrefilter() and jQuery will again ensure XHTML-compliant closing tags.

However, to sanitize user input properly, we also recommend using dompurify with the SAFE_FOR_JQUERY option to sanitize HTML from a user. If you don’t need the old behavior, but would still like to sanitize HTML from a user, dompurify should be used without the SAFE_FOR_JQUERY option, starting in jQuery 3.5.0. For more details, please see the 3.5 Upgrade Guide.

Features

With what we call “positional selectors” being deprecated and slated for removal in jQuery 4.0, we’ve added the last two necessary replacement methods. Specifically, we’ve added the .even() and .odd() methods to replace the :even and :odd selectors. With these methods in place, we can safely remove these overly complicated selectors in jQuery 4.0.

Another small feature that we’ve added to this release is the ability to add a context to jQuery.globalEval. This was done as part of fixing a bug with script execution in iframes.

Fixes

One bug worth highlighting is a bug we fixed in the Ajax script transport. jQuery used to evaluate any response to a request for a script as a script, which is not always the desired behavior. This is different than other data types where such a convention was fine (e.g. in the case of JSON). jQuery 3.5.0 will now only evaluate successful HTTP responses.

Other bug fixes and improvements include performance improvements in Sizzle, support for massive arrays in jQuery.map, using the native .flat() method where supported, a fix for syntax errors in the AMD modules, several improvements to our testing infrastructure, and more. You’ll find the full changelog below.

Deprecations

It wouldn’t be a jQuery release without some deprecations. In jQuery 3.5.0, we’ve put jQuery.trim on the list. JavaScript’s own String.prototype.trim() is an easy replacement for it.

We’ve also put AJAX event aliases on the list, they can be replaced by .on("ajaxStart", …) and the like. jQuery Migrate will warn about these now-deprecated methods, but they’ll stick around until jQuery 4.0.

Upgrading

Aside from the change to no longer ensure XHTML-compliant tags for you, we do not expect other compatibility issues when upgrading from a jQuery 3.0+ version. To upgrade, have a look at the new 3.5 Upgrade Guide. If you haven’t yet upgraded to jQuery 3+, first have a look at the 3.0 Upgrade Guide.

The jQuery Migrate plugin will help you to identify compatibility issues in your code. Please try out this new release and let us know about any issues you experienced.

If you can’t yet upgrade to 3.5+, Daniel Ruf has kindly provided patches for previous jQuery versions.

Download

You can get the files from the jQuery CDN, or link to them directly:

https://code.jquery.com/jquery-3.5.0.js

https://code.jquery.com/jquery-3.5.0.min.js

You can also get this release from npm:

npm install [email protected]

Slim build

Sometimes you don’t need ajax, or you prefer to use one of the many standalone libraries that focus on ajax requests. And often it is simpler to use a combination of CSS and class manipulation for web animations. Along with the regular version of jQuery that includes the ajax and effects modules, we’ve released a “slim” version that excludes these modules. The size of jQuery is very rarely a load performance concern these days, but the slim build is about 6k gzipped bytes smaller than the regular version. These files are also available in the npm package and on the CDN:

https://code.jquery.com/jquery-3.5.0.slim.js

https://code.jquery.com/jquery-3.5.0.slim.min.js

These updates are already available as the current versions on npm and Bower. Information on all the ways to get jQuery is available at https://jquery.com/download/. Public CDNs receive their copies today, please give them a few days to post the files. If you’re anxious to get a quick start, use the files on our CDN until they have a chance to update.

Thanks

Thank you to all of you who participated in this release by submitting patches, reporting bugs, or testing, including Ahmed S. El-Afifi, Michal Golebiowski-Owczarek, Wonseop Kim, Dave Methvin, Shashanka Nataraj, Pat O’Callaghan, Sean Robinson, Christian Oliff, Christian Wenz, and the whole jQuery team.

We also would like to thank Masato Kinugawa for helping us identify and fix the security-related issues in this release.

Changelog

Full changelog: 3.5.0

Ajax

  • Do not execute scripts for unsuccessful HTTP responses (#4250, #4655, da3dd85b)
  • Overwrite s.contentType with content-type header value, if any (#4119, 065143c2)
  • Deprecate AJAX event aliases, inline event/alias into deprecated (7a3cf9c0)

Build

  • Resolve Travis config warnings (7506c9ca)
  • Enable ESLint one-var rule for var declarations in browser code (0fdfdd82)
  • Test the no-Sizzle build on Travis (362075ae)
  • Update .mailmap & AUTHORS.txt (19f2dcba)
  • Tests: Fix custom build tests, verify on Travis; name Travis jobs (d525ae34)
  • Lint the minified jQuery file as well (#3075, 37df5cdf)
  • Make Karma work in AMD mode (46c284b1)
  • Create a `grunt custom:slim` alias for the Slim build (4cbdc745)
  • Run tests on Travis only on browsers defined in the config (471b0043)
  • Run tests on Firefox ESR as well (0a73b94a)
  • Run tests on Node.js 13 in addition to 8, 10 & 12 (64c1fcc1)
  • Drop workarounds for Node.js 6 in Gruntfile.js (9f4204ec)
  • Run tests on Travis on FirefoxHeadless as well (ad3c2efa)
  • Require strict mode in Node.js scripts via ESLint (ac2da4e6)
  • Support jquery-release –dry-run flag (c7a5e1bd)
  • Stop copying src/core.js to dist on release (#4489, 279d2e97)
  • ESLint: forbid unused function parameters (d7e13f12)
  • Fix the regex parsing AMD var-modules (#4389) (36b59c96)

Core

  • Ajax: Align nonce & global with master, fix an AMD issue (22bf701f)
  • Fire iframe script in its context, add doc param in globalEval (#4518, 3dedc3f2)
  • Deprecate jQuery.trim (#4363, 56e73e0c)
  • Use Array.prototype.flat where supported (#4320, 2f666c1d)
  • Implement .even() & .odd() to replace POS :even & :odd (409cbda7)

CSS

  • Workaround buggy getComputedStyle on table rows in IE/Edge (#4490, 6d31477a)

Data

  • Event:Manipulation: Prevent collisions with Object.prototype (#3256, 413ff796)

Docs

  • Update links to EdgeHTML issues to go through Web Archive (d72faced)
  • Convert link to Homebrew from HTTP to HTTPS (ff5a43eb)

Effect

  • Fix a unnecessary conditional statement in .stop() (#4374, 30f5c6c3)

Event

  • Use only one focusin/out handler per matching window & document (#4652, 9e15d6b4)
  • Only attach events to objects that accept data – for real (#4397, f36f6abb)

Manipulation

  • Skip the select wrapper for option elements
  • Make jQuery.htmlPrefilter an identity function (1d61fd94)

Offset

Selector

Tests

  • Blacklist one focusin test in IE (1a4f10dd)
  • Pass a number of necessary done() calls to assert.async() (5ea844f6)
  • Make the support tests pass on Firefox 4x/5x/60 (f0d5ec62)
  • Skip a “width/height on a table row with phantom borders” test in Firefox (c79e1d5f)
  • Don’t test synchronous XHR on unload in Chrome (c5b48c8c)
  • Fix offset fractions tests in Chrome for Android (0c67da4b)
  • Move Android user agent detection above iOS, put Safari last (6276cb2e)
  • Make support tests accept Safari 13 & newer (8167327f)
  • update npo.js and include unminified source instead (3654bc83)

Traversing

  • Fix contents() on object elements with children in IE (90f78b9a)
  • Fix contents() on object elements with children (#4384, 42badf34)