Starting To Oust Sizzle From jQuery
Written by Ian Elliot   
Tuesday, 16 April 2019

jQuery 3.4.0 has just been released. It is the last minor release on the 3.x branch and in preparation for the removal of the Sizzle selector engine from the next major release, jQuery 4.0, it deprecates Sizzle's, non-standard, positional selectors.

We didn't cover jQuery 3.3.0, quickly superseded by 3.3.1, when it was released over a year ago on the ground that it was a minor release that was mainly deprecations of functions that had outlived their usefulness. it included only one new feature  - that the .addClass().removeClass(), and .toggleClass() methods accept an array of classes. It is however worth covering the deprecations in jQuery 3.4.0 as they prepare for a more major overhaul when jQuery 4 arrives. 

jquerybanner

As Timmy Willison, team lead for jQuery Core, reminds us in his blog post announcing jQuery 3.4:

The basic API of jQuery is to select something and then do something with what was selected. Sizzle, the selector engine in jQuery, handles the first half. It’s been a fast and efficient little engine that has paved the way for native selector APIs like querySelectorAll and additional native JavaScript and CSS selectors.

While initially part of jQuery, Sizzle has had a wider-ranging influence and its selectors have made their way into modern browsers, making them redundant in jQuery, hence the decision to remove Sizzle in jQuery 4.0.

To pave the way for this change, in which Sizzle will be replaced by a small wrapper around querySelectorAllthe following list of non-standard positional selectors, that would be almost impossible to reimplement without a larger selector engine, are being deprecated:

:first
:last 
:eq

:even
:odd
:lt
:gt
:nth

Noting that the postional methods, such as: 

.first
.last 
.eq

will still be supported, Willison says, and I have to agree with him: 

Anything you can do with positional selectors, you can do with positional methods instead. They perform better anyway.

On the other hand if you have to support a legacy browser, such as IE, Internet Explorer, you may need to continue to use Sizzle, either by using an version of jQuery pre-dating 4.0, the date for which has yet to be announced, or by downloading Sizzle itself.

One of the other changes in jQuery 3.4.0 addresses an event handling issue, expected state, that had been fixed with checkboxes but accidentally left out radio inputs. Now when an element is clicked and true is logged the checked property is updated before the event handler is executed as in this example:

var $radios = jQuery(".example");
 var $firstRadio = $radios.first();
 var firstCheckedState = $firstRadio.prop("checked"); 
 $radio.on("click", function() {
    // true in <3.4.0
    console.log($firstRadio.prop("checked") === 
                                firstCheckedState);
 });
 $radios.eq(1).click();

Another fix is for the Prototype Pollution vulnerability which caused unintended behaviour when using:

jQuery.extend(true, {}, ...) 

Until now if an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype:

jQuery.extend(true, {},
   JSON.parse('{"__proto__": {"test": true}}')
 );
 console.log( "test" in {} ); // true

As well as including the fix in this release patch diffs have been made available by Daniel Ruf on GitHub for previous versions.

Willison warns however:

Note that while jQuery does its best to protect users from security vulnerabilities, jQuery is a DOM manipulation library that will generally do what you tell it to do. In this case, the behavior was likely unexpected, so jQuery.extend will no longer write any properties named __proto__. But guards such as this one are not replacements for good security practices such as user input sanitization.

Also in the new release, there's a performance improvement in .width and .height to eliminate layout thrashing when getting and setting dimensions. This is fixed in all browsers apart from IE. 

Finally, with regard to adding script elements through methods like .html and .append, support has been added for the previously ignored nonce and nomodule attributes. jQuery 3.4 now hangs on to them to load and execute the remote content they refer to. 

All in all this seems a worthwhile minor upgrade, leaving this branch in a good state and allowing the community to move on to jQuery 4.

As well as the standard version of jQuery 3.4.0, which can be obtained from the jQuery CDN or directly:

https://code.jquery.com/jquery-3.4.0.js

https://code.jquery.com/jquery-3.4.0.min.js

there is a "slim" version that excludes the ajax and effects modules, saving about 6k zipped bytes:

https://code.jquery.com/jquery-3.4.0.slim.js

https://code.jquery.com/jquery-3.4.0.slim.min.js

While there are many of the opinion that you don't need jQuery any more - this is simply a reflection of how little the person advocating the point of view knows about jQuery. It isn't just about the selectors. It is still the standard library of JavaScript and a lesson in writing good JavaScript to all of us.

jquery3

 

More Information

jQuery 3.4.0 Released

GitHub Changelog for jQuery 3.4

Download jQuery

Related Articles

jQuery Still Our Favourite Framework

GitHub Removes jQuery. Why?

Vanilla JS Used On More Sites Than jQuery

jQuery 3.2.1 Is Out - Do We Still Care?

jQuery 3.0 Final Released

JQuery Ever More Popular

jQuery Adopts Semantic Versioning

OpenJS Foundation - New Merged Foundation For JavaScript

To be informed about new articles on I Programmer, sign up for our weekly newsletter, subscribe to the RSS feed and follow us on Twitter, Facebook or Linkedin.


Banner


We Built A Software Engineer
20/03/2024

One of the most worrying things about being a programmer today is the threat from AI. It has gone so far that NVIDA CEO Jensen Huang proclaims that you really shouldn't start training as a programmer  [ ... ]



White House Urges Memory Safe Software
29/02/2024

The White House is urging developers to adopt memory safe programming languages, suggesting Rust would be a safer choice than C or C++. 


More News

raspberry pi books

 

Comments




or email your comment to: comments@i-programmer.info

&lt;ASIN:1871962501>

&lt;ASIN:1871962528>

&lt;ASIN:1871962579>

&lt;ASIN:1871962560>

<

Last Updated ( Tuesday, 16 April 2019 )