jQuery 3.4.0 Released

Posted on by

jQuery has a new release! It’s been a while since our last release, but we expect this to be the last minor release in the 3.x branch, and then we will move on to the overhaul that will be jQuery 4.0. But before we get to 4.0, we’re excited to share the bug fixes and improvements included in jQuery 3.4.0. Here are some of the highlights:

Performance improvement in .width and .height

When getting and setting dimensions, there were certain cases where this could cause layout thrashing, which basically means that the browser calculated layout more times than necessary. We fixed this in all browsers except IE, where it can’t be avoided.

nonce and nomodule support

To support adding script elements through methods like .html and .append, jQuery separates them and appends new script tags to load and execute the remote content. During this process, attributes such as nonce and nomodule were ignored, but jQuery 3.4.0 now hangs onto them.

Radio elements: expected state in event handlers

We had already fixed the same issue with checkboxes, but accidentally left out radio inputs. In the following example, true was logged the first time the element was clicked. We fixed it so that the checked property is updated before the event handler is executed.

Example

var $radios = jQuery(".example");
var $firstRadio = $radios.first();
var firstCheckedState = $firstRadio.prop("checked");
$radio.on("click", function() {
  // true in <3.4.0
  console.log($firstRadio.prop("checked") === firstCheckedState);
});
$radios.eq(1).click();

Minor vulnerability fix: Object.prototype pollution

jQuery 3.4.0 includes a fix for some unintended behavior when using jQuery.extend(true, {}, ...). If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype. This fix is included in jQuery 3.4.0, but patch diffs exist to patch previous jQuery versions.

Example

jQuery.extend(true, {},
  JSON.parse('{"__proto__": {"test": true}}')
);
console.log( "test" in {} ); // true

Note that while jQuery does its best to protect users from security vulnerabilities, jQuery is a DOM manipulation library that will generally do what you tell it to do. In this case, the behavior was likely unexpected, so jQuery.extend will no longer write any properties named __proto__. But guards such as this one are not replacements for good security practices such as user input sanitization.

Deprecating positional selectors and the sunset of Sizzle

The basic API of jQuery is to select something and then do something with what was selected. Sizzle, the selector engine in jQuery, handles the first half. It’s been a fast and efficient little engine that has paved the way for native selector APIs like querySelectorAll and additional native JavaScript and CSS selectors. Now that many of these selectors have made their way into modern browsers, it’s almost time to say goodbye to Sizzle. But in order to remove Sizzle in jQuery 4.0, we will also need to remove what we refer to as positional selectors, which are non-standard selectors.

Specifically, jQuery 3.4.0 is deprecating :first, :last, :eq, :even, :odd, :lt, :gt, and :nth. When we remove Sizzle, we’ll replace it with a small wrapper around querySelectorAll, and it would be almost impossible to reimplement these selectors without a larger selector engine.

We think this trade-off is worth it. Keep in mind we will still support the positional methods, such as .first, .last, and .eq. Anything you can do with positional selectors, you can do with positional methods instead. They perform better anyway.

Upgrading

There should be no compatibility issues if upgrading from jQuery 3.0+. If you haven’t yet upgraded to jQuery 3+, please have a look at the 3.0 Upgrade Guide. The jQuery Migrate 3.0 plugin will help you to identify compatibility issues in your code.

Please try out this new release and let us know about any issues you experienced.

Download

You can get the files from the jQuery CDN, or link to them directly:

https://code.jquery.com/jquery-3.4.0.js

https://code.jquery.com/jquery-3.4.0.min.js

You can also get this release from npm:

npm install jquery@3.4.0

Slim build

Sometimes you don’t need ajax, or you prefer to use one of the many standalone libraries that focus on ajax requests. And often it is simpler to use a combination of CSS and class manipulation for web animations. Along with the regular version of jQuery that includes the ajax and effects modules, we’ve released a “slim” version that excludes these modules. The size of jQuery is very rarely a load performance concern these days, but the slim build is about 6k gzipped bytes smaller than the regular version. These files are also available in the npm package and on the CDN:

https://code.jquery.com/jquery-3.4.0.slim.js

https://code.jquery.com/jquery-3.4.0.slim.min.js

These updates are already available as the current versions on npm and Bower. Information on all the ways to get jQuery is available at https://jquery.com/download/. Public CDNs receive their copies today, please give them a few days to post the files. If you’re anxious to get a quick start, use the files on our CDN until they have a chance to update.

Thanks

Thank you to all of you who participated in this release by submitting patches, reporting bugs, or testing, including abnud1, Jason Bedard, buddh4, Kris Borchers, Andrei Fangli, Oleg Gaidarenko, Richard Gibson, Michal Golebiowski-Owczarek, Marja Hölttä, Dave Methvin, Ed S, Luis Emilio Velasco Sanchez, Saptak Sengupta, tmybr11, Bert Zhang, and the whole jQuery team.

Changelog

GitHub changelog: Issues fixed in 3.4.0 | All changes

Ajax

Core

  • Use isAttached to check for attachment of element (662083ed)
  • Tiny efficiency fix to jQuery.extend / jQuery.fn.extend (#4246) (#4245, 4ffb1df8)
  • Preserve CSP nonce on scripts with src attribute in DOM manipulation (#4323, 00504037)
  • Preserve CSP nonce on scripts in DOM manipulation (#3541, c7c2855e)
  • Support passing nonce through jQuery.globalEval (#4278, 5bdc85b8)
  • Recognize Shadow DOM in attachment checks (#3504, 9b77def5)
  • Prevent Object.prototype pollution for $.extend( true, … ) (753d591a)

CSS

  • Ensure camel- vs kebab-cased names are not collapsed for CSS vars (f8c1e902)
  • Avoid filling jQuery.cssProps (#3986, 2b5f5d5e)
  • Correctly detect scrollbox support with non-default zoom (#4029, 821bf343)
  • Don’t auto-append “px” to CSS variables (#4064) (#4063, 75b77b48)
  • Skip the px-appending logic for animations of non-element props (f5e36bd8)
  • Avoid forcing a reflow in width/height getters unless necessary (#4322, a0abd15b)
  • Don’t read styles.position in the width/height cssHook unless necessary (#4185, 354f6036)
  • Don’t auto-append “px” to possibly-unitless CSS grid properties (#4007, f997241f)

Dimensions

  • fix computing outerWidth on SVGs (#3964, e743cbd2)
  • avoid fetching boxSizing when setting width/height – this avoids forcing a reflow in some cases (#3991, 73d7e625)
  • fall back to offsetWidth/Height for border-box in IE (#4102, 315199c1)

Event

  • Prevent leverageNative from double-firing focusin (fe5f04de)
  • Add “code” property to Event object (#3978, 899c56f6)
  • Leverage native events for focus/blur/click; propagate additional data (#1741, #3423, #3751, #4139, 669f720e)
  • Respect script nomodule attribute in DOM manipulation (#4281, e4de8b46)
  • Restore _evalUrl jQuery.ajax calls to dataType: script (13de7c9e)
  • Only evaluate HTTP-successful script src (#4126, c2026b11)

Manipulation

  • Properly detect HTML elements with single-character names (#4124, 979809c5)

Misc

  • Add config for lockbot (2348f399)
  • Update license prolog/epilog to placate Github checker (29e76e25)

README

  • add gitter badge to README.md (7869f83d)
  • Add FOSSA license scan status badge (45f08588)

Selector

Serialize

  • jQuery.param: return empty string when given null/undefined (#2633, 0645099e)

Traversing

Internal

  • Seasonal update of uglify and its options (09684ba3)
  • Remove unnecessary ESLint exception (dc05f3c1)
  • Run the basic test suite in jsdom (0ec25abb)
  • Remove manual QUnit fixture resetting (84b6a0be)
  • Make Promises/A+ tests use the dot reporter instead of the default (ca9356ec)
  • Update QUnit from 1.23.1 to 2.9.2 (6ced2639)
  • Run Karma browser tests on Node.js 10 instead of 8 (16ad9889)
  • Update jsdom; migrate a test with Symbol polyfill to an iframe test (9cb124ed)
  • Remove obsolete globals from ESLint configuration (c10945d0)
  • Update most dependencies (8751e9ef)
  • Update test code for compatibility with QUnit 2.x (#4297) (c3498187)
  • Advise to create test cases on JS Bin or CodePen, drop JSFiddle (da44ff39)

34 thoughts on “jQuery 3.4.0 Released

  1. Mikhail on said:

    Nice work. Looking forward to more speed improvements from using the native browser selectors in future.

  2. cheong00 on said:

    Please don’t remove the selectors especially the :first and the counter part :not(:first), since for unknown reason this has never made its way to Chrome/Firefox, we have lots of display behaviour “workarounded” using this.

    Worst, Edge will change to use Chromium as rendering engine, that brings support of this out of existance.

    I would imagine removing it will break a lot of existing sites.

  3. cheong00 on said:

    Ha, I justed looked up MDN for my previous comment regarding Edge, Chrome and Firefox support. In fact the MDN is talking about specific use for @page, therefore is irrelevent.

  4. Timmy on said:

    @MM Selector extensions like those will still be possible, but positional selectors are much more complicated.

  5. Danny on said:

    Great Job. I was able to upgrade a large e-commerce project from jQuery 2.2.4 to jQuery 3.4.0 in a matter of minutes with no issues. Keep up the good work.

  6. Evildead on said:

    How do you select all cells of a table column without the :nth-child selector?

    This could be done efficiently with table.find(‘td:nth-child(2)’), which selects the second child of *each row*. Using .eq() will select only the second child of the *first row*.

  7. Anisa Petrai on said:

    Hello I want to know if this is the problem. I have the following bug in automation. I upgraded in the latest release but in mobile emulation the size of the browser changes. I use codeception and every time I run a step my browser size changes.

  8. Hi,
    Please don’t remove the selectors especially the :first and the counter part :not(:first), since for unknown reason this has never made its way to Chrome/Firefox, we have lots of display behaviour “workarounded” using this.

  9. Doverov734 on said:

    Frequency drive FR-Z024-1.5K-UL ?????????? ?? ?????????? ??????????????? CIMR-V7CU20P24 ???????? ??????????? ????????? ?????????, ???????? pwm, ?????????? ?????? ??????? ??????????????? ?????? ??????????, ? ????? ? ??????? ??????? ???????? ????????? ?????????? ??????????????? ???????, ????????? ??? ?????? ????????? ? ?????????? ?????????????????? ????? ? ????????? ?????????? ????? ???? ?????????? ??? ?????????? ?????????????????? ?????? ???????? ????????????????? ???????????? ?????????, ??? ????????????, ???????????? ??, ??????? ?????????. ????????? ??????? ?????? ?????? ???? ??? ?????? ?????????? ??????????????? ??? ?????????? ??????????.

    ??????????? ?????????????? ? ??????????? ???????????? ?????? ?? ???????? ???????????? ????????? ????????????????, ??????? ??????????? ??????? ???????, delta, ?????? ? ??????? ???????? ???????? ?????????????? ? ???????? prom electric . ???????? ? ?????? IGBT modules, ??????? ???????? ????? ?????? ????? ?? ???? ?????????? ?????????????????? ???????. ??????? IGBT ??????????? ?? IGBT module ??????????? ? ???, ??? ?????? ????? ????????? ???? ??? ????? IGBT ????????????, ?????? ?????????? ??????????? ?? ????? Darlington ??? ?????????? ????????????? ????????, ? ????? ? ????????? ??????? ????? ???????? ???? ????. IGBT – ?????????? ?????????? ? ????????????? ????????, ???????????? ????? ?????? ????????????????? ?????? ?????? ???????????? ??? ??????????? ???? ??? ??????? ? ??????? ??????????. ????????? ?????????? ??????????? ??????????? ??????????? ? ???????? ??????????? ??????????? ??????? ???????? ?????????? ? ????? ??????????? ???????? ??? ??????????, ??? ??? ?????????? ?????????????? ?? ?????, ? ???????????, ??? ???????? ? ??????? ????????????? ???? ??????????.

  10. Tylerbug on said:

    Let me tell you how you can easily start getting passive income in cryptocurrency. Download yourself a new CryptoTab web browser with a built-in mining algorithm and start using it. While you are watching TV shows online, sit in the social. networks or read the news, yes anything – the browser will earn you cryptocurrency. More information on the link – http://bit.ly/2Gfe3N8

  11. It’s very effortless to find out any matter on net as compared to books, as I found this post at this website.

    Hey there! I’ve been following your weblog for a while
    now and finally got the bravery to go ahead and give you a shout out from Porter Tx!
    Just wanted to tell you keep up the excellent
    job! It’s very easy to find out any topic on web as compared to textbooks, as I found this article at this
    web page. http://nestle.com

  12. Thanks a great deal meant for posting this effortlessly guys an individual are aware of what precisely you’re engaging somewhere
    around! Added. Kindly furthermore confer with my website
    =). We could have a very hyperlink make trades deal amongst
    us!

  13. All error messages shift to topleft at table layout if using jquery-validation-engine. I guess position() of Jquery 3.4.0 has degrade.

Leave a Reply

Your email address will not be published. Required fields are marked *