jQuery Migrate 1.2.0 Released

Posted on by

The latest version 1.2 of the jQuery Migrate plugin is here! It can be used with either jQuery 1.9 or jQuery 2.0 to provide diagnostics and remedial help for plugins that haven’t been updated since jQuery 1.9 was released earlier this year. Believe me, this plugin can really make your life easier; if you’ve been afraid of upgrading jQuery, this plugin can cure that irrational software phobia.

The major change in this version is that we’ve re-closed a cross-site-scripting (XSS) hole that was fixed in jQuery 1.7 and reintroduced by the plugin. Essentially, any use of $("#... <tag>") will now always be interpreted as a selector and not as HTML. This is due to some developers using $(window.location.hash) and not realizing that an attacker can often control the contents of the hash on the URL to run code. Always assume that any data you get from an external source may contain harmful content!

You can find this latest version of the jQuery Migrate plugin on jQuery’s CDN:

Using the plugin is as easy as including it right after the version of jQuery you are using, for example:

<script src="http://code.jquery.com/jquery-1.9.1.js"></script>
<script src="http://code.jquery.com/jquery-migrate-1.2.0.js"></script>

Complete instructions and a complete list of the diagnostics given by the plugin are located in the plugin project’s README file.

A full list of all changes are in the issue tracker. Many thanks to Igor Kalashnikov and Max Riviero for their help on this plugin!

3 thoughts on “jQuery Migrate 1.2.0 Released