jQuery 3.5 - Still Relevant!
Written by Ian Elliot   
Wednesday, 15 April 2020

Although not as important as it once was, jQuery 3.5 has just been announced and it is still JavaScript's standard library.

Recently there has been much discussion of jQuery's relevance to modern JavaScript programming. Yes, you can go it alone and use raw JavaScript, but jQuery is still the powerhouse it was and, for the minimal cost of using a small library, you really do get to do more with less. 


However, things have moved on and jQuery needs to keep up. The latest version, 3.5, is now ready to use. The biggest change is the security fix to htmlPrefilter. This is mostly used internally to turn strings into correct HTML, i.e. with all closing tags present. Unfortunately it used a regex to do the job and this has recently been proved to be exploitable to create an XSS. The solution has been to simply remove the method by replacing it with a function that does nothing. This means that you may have a problem if you were relying on htmlPrefilter to fix your HTML, but only if you didn't insist on closing tags.

For example, if you used:


then htmlPrefilter would have converted this to:


but now you would get:


which isn't what you intended. If you always use closing tags in HTML mode then there is no problem.

If you really need the old behavior and can put up with the XSS risk, you can restore the behavior. However, the jQuery team recommends DOMPurify to do the job properly - this isn't part of jQuery but works perfectly with it.
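A pre-upgrade audit for the htmlPrefilter change described above, as an added example that is not code from the article or from jQuery 3.5 itself. It uses the regex jQuery applied before 3.5; the helper names `findSelfClosedTags` and `auditSnippet` and the sample strings are constructed for illustration.

```javascript
// Added example, not from the article. rxhtmlTag is the regex jQuery's
// htmlPrefilter used before 3.5 to expand self-closed tags.
const rxhtmlTag = /<(?!area|br|col|embed|hr|img|input|link|meta|param)(([a-z][^\/\0>\x20\t\r\n\f]*)[^>]*)\/>/gi;

// Pre-3.5 htmlPrefilter: rewrite self-closed non-void tags as open/close pairs.
function legacyPrefilter(html) {
  return html.replace(rxhtmlTag, "<$1></$2>");
}

// 3.5 htmlPrefilter: the string reaches the HTML parser unchanged.
function currentPrefilter(html) {
  return html;
}

// Hypothetical helper: list every tag the old regex would have rewritten.
function findSelfClosedTags(html) {
  return Array.from(html.matchAll(rxhtmlTag), (m) => ({
    tag: m[2].toLowerCase(),
    index: m.index,
    text: m[0],
  }));
}

// Hypothetical helper: does this string parse differently after the upgrade?
// HTML parsers ignore the trailing slash on non-void elements, so a tag that
// is no longer expanded stays open and swallows whatever follows it.
function auditSnippet(html) {
  const legacy = legacyPrefilter(html);
  return {
    changed: legacy !== currentPrefilter(html),
    hits: findSelfClosedTags(html),
    explicit: legacy, // form with closing tags written out, safe on 3.5
  };
}

// Constructed sample strings, standing in for HTML passed to jQuery methods.
const samples = ["<div/><span/>", "<div></div><span></span>",
                 "<p class='a'/>text<br/>", "<img src='x.png'/>"];
for (const s of samples) {
  const r = auditSnippet(s);
  console.log(r.changed ? "REVIEW" : "ok    ", JSON.stringify(s),
              r.changed ? "-> " + r.explicit : "");
}
```

Strings flagged REVIEW are best fixed in the source by writing the closing tags out, which keeps the 3.5 fix in place instead of reinstating the regex.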

A big change needed to fit in with the improved CSS selectors is that all positional selectors e.g. :first, :last and so on are being removed in jQuery 4. The reason is that they are not native selectors and the cost of implementing them is high in terms of code and time. Nearly all the positional selectors have alternative methods that do the same job, but by filtering the result of the query. For example, you could write using a positional selector:


and the query would return the first div. Alternatively you could use a method:


which first returns all of the divs and then filters out just the first one. This is all fine, but we were missing methods for the positional selectors :even and :odd, but now in 3.5 we have them:




All you have to do now is remember to convert all positional selectors to filter methods before you upgrade to jQuery 4.

There are some other minor changes, but I can't help commenting on the deprecation of the jQuery .trim method to be replaced by the JavaScript native .trim method. Judging by the number of websites I encounter that fail to trim string input at all, I don't think this is going to cause many programmers a problem.



More Information

jQuery 3.5.0 Released!
