|Starting To Oust Sizzle From jQuery|
|Written by Ian Elliot|
|Tuesday, 16 April 2019|
jQuery 3.4.0 has just been released. It is the last minor release on the 3.x branch and in preparation for the removal of the Sizzle selector engine from the next major release, jQuery 4.0, it deprecates Sizzle's, non-standard, positional selectors.
We didn't cover jQuery 3.3.0, quickly superseded by 3.3.1, when it was released over a year ago on the ground that it was a minor release that was mainly deprecations of functions that had outlived their usefulness. it included only one new feature - that the
As Timmy Willison, team lead for jQuery Core, reminds us in his blog post announcing jQuery 3.4:
While initially part of jQuery, Sizzle has had a wider-ranging influence and its selectors have made their way into modern browsers, making them redundant in jQuery, hence the decision to remove Sizzle in jQuery 4.0.
To pave the way for this change, in which Sizzle will be replaced by a small wrapper around querySelectorAll, the following list of non-standard positional selectors, that would be almost impossible to reimplement without a larger selector engine, are being deprecated:
Noting that the postional methods, such as:
will still be supported, Willison says, and I have to agree with him:
Anything you can do with positional selectors, you can do with positional methods instead. They perform better anyway.
On the other hand if you have to support a legacy browser, such as IE, Internet Explorer, you may need to continue to use Sizzle, either by using an version of jQuery pre-dating 4.0, the date for which has yet to be announced, or by downloading Sizzle itself.
One of the other changes in jQuery 3.4.0 addresses an event handling issue, expected state, that had been fixed with checkboxes but accidentally left out radio inputs. Now when an element is clicked and true is logged the checked property is updated before the event handler is executed as in this example:
Another fix is for the Prototype Pollution vulnerability which caused unintended behaviour when using:
Until now if an unsanitized source object contained an enumerable
As well as including the fix in this release patch diffs have been made available by Daniel Ruf on GitHub for previous versions.
Willison warns however:
Note that while jQuery does its best to protect users from security vulnerabilities, jQuery is a DOM manipulation library that will generally do what you tell it to do. In this case, the behavior was likely unexpected, so
Also in the new release, there's a performance improvement in .width and .height to eliminate layout thrashing when getting and setting dimensions. This is fixed in all browsers apart from IE.
Finally, with regard to adding script elements through methods like .html and .append, support has been added for the previously ignored nonce and nomodule attributes. jQuery 3.4 now hangs on to them to load and execute the remote content they refer to.
All in all this seems a worthwhile minor upgrade, leaving this branch in a good state and allowing the community to move on to jQuery 4.
As well as the standard version of jQuery 3.4.0, which can be obtained from the jQuery CDN or directly:
there is a "slim" version that excludes the ajax and effects modules, saving about 6k zipped bytes:
or email your comment to: firstname.lastname@example.org
|Last Updated ( Tuesday, 16 April 2019 )|