jQuery 1.6.3 Released


jQuery 1.6.3 is now out! This is the third minor release on top of jQuery 1.6 and lands a number of fixes for bugs, as listed below.

As usual, we provide two copies of jQuery, one minified and one uncompressed (for debugging or reading).

You can help us by dropping that code into your existing application and letting us know if anything no longer works. Please file a bug and be sure to mention that you’re testing against jQuery 1.6.3.

Many thanks to all the people who reported bugs, submitted patches, and otherwise helped with this release! We want to encourage everyone from the community to get involved in contributing back to jQuery core. We’ve set up a full page of information dedicated towards becoming more involved with the team. The team is here and ready to help you help us!

Highlights

Fix an XSS attack vector: User ma.la reported a common pattern that many sites are using to select elements using location.hash that allows someone to inject script into the page. This practice seemed widespread enough that we decided to modify the selector recognition to prevent script injection for the most common case. Any string passed to $() cannot contain HTML tags (and thus no script) if it has a “#” character preceding them. See the ticket linked above for more information and a test case.
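The rule described in this highlight, modelled as an added example (not code from this post or from jQuery's source). The two patterns, the function names `classify` and `idFromHash`, and the sample strings are assumptions constructed for illustration.

```javascript
// Added illustration; the patterns model the rule in the post and are
// assumptions, not copied from jQuery's source.

// Before the fix (modelled): markup anywhere in the string means "HTML".
const LEGACY_HTML = /^[^<]*(<[\w\W]+>)[^>]*$/;
// After the fix (modelled): a "#" ahead of the first "<" rules out HTML.
const HARDENED_HTML = /^[^#<]*(<[\w\W]+>)[^>]*$/;

// Returns "html" if $() would build elements, "selector" otherwise.
function classify(input, hardened) {
  const re = hardened ? HARDENED_HTML : LEGACY_HTML;
  return re.test(input) ? "html" : "selector";
}

// Defensive handling for code that selects by location.hash: accept only
// a plain ID token and return it without the "#", or null when anything
// else is present. The caller can then use document.getElementById(id).
function idFromHash(hash) {
  const m = /^#([A-Za-z][\w\-]*)$/.exec(String(hash));
  return m ? m[1] : null;
}

// Constructed sample inputs (harmless markup only).
const samples = ["#tab-2", "#<b>injected</b>", "<div>ok</div>", "<b>#x</b>"];
for (const s of samples) {
  console.log(JSON.stringify(s), classify(s, false), "->", classify(s, true),
              "id:", idFromHash(s));
}
```

The last sample shows why the change covers only "the most common case": a string that starts with markup is still treated as HTML, so untrusted input should be validated (for example with `idFromHash`) before it reaches `$()`.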

No more animation “worm holes”: We had high hopes for the browser’s requestAnimationFrame API when we added support into version 1.6. However, one of the highest-volume complaints we’ve received since then relates to the way requestAnimationFrame acts when a tab is not visible. All the animations initiated when the tab is invisible “stack” and are not executed until the tab is brought back into focus. Then they all animate at warp speed! We’ve removed support for this API (which has no impact on the way you call jQuery’s animation features) and plan to incorporate it into a future version of jQuery.

Better handling of HTML5 data attribute names: The $().data() API serves double-duty, handling data for the internal use of jQuery and plugins in addition to reading initial values of HTML5 data- attributes. We’ve improved the ability to use HTML5 conventions such as converting camel-case to camelCase when needed. Remember, however, that the $().data() API only reads the HTML5 data- attributes initially, and does not keep subsequent data changes in sync with attributes for performance reasons. To update the actual attributes in the HTML markup, use .attr().

jQuery 1.6.3 Change Log

The change log of the 1.6.3 release:

Ajax

  • #9255: jQuery.parseXML error handling does not work in webkit browsers
  • #9854: Pass statusText through instead of “normalizing” it
  • #9887: jQuery.ajaxSetup may cause unnecessary memory usage
  • #9970: Typo in ajax.js: status should be jqXHR.status?
  • #10098: Encode comment-like Accept headers to avoid mobile carrier mangling

Attributes

  • #9630: foo.contents().hasClass() returns incorrect value
  • #9699: removeAttr('style') does not consistently remove the style attribute in webkit
  • #9719: removeAttr('disabled') doesn’t change input’s color on IE6
  • #9979: .prop('tabIndex') returns inconsistent results for elements that have not yet set tabIndex
  • #9980: Simplify the attr code by using getAttributeNode for everything in IE6/7

Build

  • #9988: Minimal License Header in compressed jQuery

Core

  • #9521: XSS with $(location.hash) and $(#) is needed?
  • #9897: try-catch isPlainObject detection
  • #10076: $.inArray crashes IE6 and Chrome if second argument is `null` or `undefined`

CSS

  • #6652: Remove filter:alpha(opacity=100) after animation
  • #9572: Support -ms-transform in .css() method
  • #10021: Can’t add negative numbers using the relative-value syntax with .css() and .animate()

Data

  • #8235: jQuery.data throws a script error in certain circumstances
  • #9318: HTML5 data attributes has strange behaviour with if attribute names contain numbers
  • #9413: $.fn.removeData does not remove data with a dash in a name
  • #9779: Allow non-null|undefined evaluation of data property values
  • #9794: jQuery.fn.data() correctly handle access to arbitrary data property values
  • #10016: Cannot retrieve “false-y” values under key names with dashes using jQuery.data method
  • #10080: unload from frame’s window breaks in IE8

Dimensions

  • #10123: .width() can return a float in Firefox 6

Effects

  • #9381: Animations halt when the browser is out of focus due to requestAnimationFrame
  • #9678: setInterval cleared by animation

Event

  • #7071: Accessing the ‘type’ property on VML elements fails on IE during submit special handler

Manipulation

  • #9587: Cloning a div with an object causes error in IE8

Support

  • #9634: Visible “t” character in upper left corner during support.js init
  • #9823: IE 8 crashes when using background-image on BODY in css
  • #9964: test/support.js module strictEqual typo
  • #10029: $.support.scriptEval removed, but still included in documentation

Please do file a bug report with a test case as soon as possible if you find problems, as described above. Blog comments or Twitter aren’t helpful bug reports!

28 thoughts on “jQuery 1.6.3 Released”

  1. Jonathan on said:

    This release’s minified copy is 4 bytes smaller when served via gzip. I’m going to put that in the win column.

  2. Häääns on said:

    It’s a pity that requestAnimationFrame has these problematic worm holes. Hopefully this gets fixed by the browser vendors so we could benefit from this great function.

  3. I don’t even understand how this benefits the average user of Jquery. THANKS ANYWEZ JQUERY <3 :P

  4. Ron Otten on said:

    @Häääns

    The problem is in uneducated developers and legacy jQuery plugins mis-using the jQuery animation API. The only way to ‘fix’ rAF is to remove all the benefits it offers and dumb it down to the equivalent of setInterval.

  5. Timothy Zhu on said:

    Thanks. Haven’t noticed any issues since the upgrade. Is there a reason why the home page is not updated to reflect the new release?

  6. (Couldn’t find any other place to mention it. The youtube vid on the Konami code has been removed. Any chance you could replace it? Thanks! cheers!)

  7. Ted Wood on said:

    I didn’t realize this new version was released because I usually only check the Home page of this site. Decided to check the blog and voila!

  8. Martijn on said:

    Cool! Nice list of fixes, too.

    Shouldn’t you also update the homepage and download pages and such? It’s been 6 days :-?

  9. Dave McDermott on said:

    Yeah, I completely missed this release.

    The home page still says v1.6.2 as others have already mentioned.

  10. zourtney on said:

    I see that `datetime-local` fields are now getting `serialize`d properly. Yay, no more kludgy workarounds :-)

  11. I like so much Jquery.

    I don’t know if it is an issue with my code, but I still have a memory leak in IE explorer and Firefox. In Google Chrome I notice it is OK.
    I will feel so happy if this issue is fixed in a future release.

    Thank you very much

  12. i still can get his code to work

    alert($("#tbl_list_items tr:nth-child(1) td:nth-child(1)").width());

  13. Doctor Rudolf on said:

    Is it only me having problems in IE8 with

    giving “undefined”?

    Before 1.6.3 it gave “”.

    Try it out:

    And then in IE8 – URL – field: javascript:alert($('#aaa').attr('myattribute'))

  14. Doctor Rudolf on said:

    Here comes the code:
    <html>
    <head>
    <script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.6.3/jquery.min.js"></script>
    </head>
    <body>
    <form id="form1">
    <input id="aaa" myattribute=""/>
    </form>
    </body>
    </html>

  15. Game Changer DNA Dan Kennedy on said:

    Awesome remarks. Significant thank you intended for most site visitors in addition to for author. I love the following site

  16. Greg Benedict on said:

    A big thanks to the person who figured out bug #9823. We thought for months that it was an IE 8 add-on or installation problem causing the random crashes.

    We haven’t had a crash since this update.