“jjQuery 3.5” Released

April 10, JavaScript library jQuery development team released the latest update “jQuery 3.5.0”.  This release focuses on security fix.

The latest update jQuery 3.5 is the successor of v3.4 released in April 2019.  This release includes changes mainly focused on security, and the most notable is the specification change added to jQuery.htmlPrefilter method.  Before the change, this method was using regex, but because of the cross-site scripting (VSS) vulnerability that could be introduced by regex, it stopped using it and instead, it passes the string through unchanged.  Due to this change, users are warned that some code may need to be changed.  If users want to go back to the old behavior, they can restore the old jQuery.htmlPrefilter by using the latest migration plugin.

As position selectors are scheduled to be deprecated in v4.0, two new methods “even()” and “.odd()” are introduced, replacing “:even” and “:odd” selectors.  As a part of fixing the bug with script execution in iframes, this release includes a feature that allows adding context to jQuery.globalEval, which executes JavaScript code in global context.

It includes numerous bug fixes, like the one in Ajax script transport.  There are some deprecations, such as jQuery.trim and AJAX event aliases.  It is recommended to replace them with String.prototype.trim() and .on(“ajaxStart”, …).

jQuery 3.5 is available on the official project website. Upgrade guides are also provided.

The jQuery Foundation