Boolean attribute getters throw if the attribute name is not all lowercase

Description

In #2916 we removed our logic that lowercased attribute names. This caused one regression: any attribute getter using a boolean attribute name that is not all lowercase goes into infinite recursion, exceeding the stack call limit.

Amongst others, this is breaking the AngularJS test suite when tested with jQuery 3.0.0-rc1.

Link to test case

https://jsfiddle.net/shnann6y/2/

Basically, $('<div>').attr('requiRed') is enough to trigger the error.

Author: Fantashit
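
The regression described in the post, reproduced in a simplified stand-alone model (an added example, not jQuery's code and not part of the original post). `makeAttrLookup`, `probe`, the handler table and the sample element are hypothetical; the model assumes handlers are keyed by lowercase name and unregister themselves for the duration of the nested lookup.

```javascript
// Simplified model (assumption): boolean-attribute handlers live in a table
// keyed by lowercase name, and the lookup lowercases the name to dispatch.
function makeAttrLookup(fixed) {
  const handlers = Object.create(null);

  // Read the raw attribute value from the constructed element object.
  function rawGet(elem, name) {
    const key = name.toLowerCase();
    return Object.prototype.hasOwnProperty.call(elem.attrs, key)
      ? elem.attrs[key]
      : null;
  }

  // Dispatch to a registered handler if there is one, else read raw.
  function find(elem, name) {
    const fn = handlers[name.toLowerCase()];
    return fn ? fn(elem, name) : rawGet(elem, name);
  }

  for (const bool of ["required", "disabled", "checked"]) {
    handlers[bool] = function (elem, name) {
      // The handler unregisters itself so the nested find() reaches rawGet().
      // Without lowercasing, "requiRed" clears the wrong key and the entry
      // under "required" stays in place, so find() re-enters this handler.
      const key = fixed ? name.toLowerCase() : name;
      const saved = handlers[key];
      handlers[key] = undefined;
      try {
        return find(elem, name) != null ? name.toLowerCase() : null;
      } finally {
        handlers[key] = saved; // restore whatever was there before
      }
    };
  }
  return find;
}

// Run one lookup and report either the value or the error type.
function probe(find, name, attrs = { required: "" }) {
  const elem = { attrs }; // constructed sample element
  try {
    return { value: find(elem, name), error: null };
  } catch (e) {
    return { value: null, error: e.name };
  }
}
```

A regression test for this class of bug should cover mixed-case names as well as the lowercase form, since the lowercase path keeps working while the mixed-case path exhausts the stack.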

1 thought on “Boolean attribute getters throw if the attribute name is not all lowercase”

  1. Acknowledged, I’ll carry that over to MITRE. I’m not sure this should have been marked as a vulnerability in Snyk, and therefore in MITRE. I should have done my homework better but, arguably, there wasn’t much information available to begin with, without digging deep in the source code. 🙂

    For what it’s worth, I requested a CVE through this form. I strongly encourage security researchers and upstream projects to systematically request CVE assignments when discovering and/or releasing security issues. It makes tracking much easier across the ecosystem, from the upstream vendors down to all the downstream distributors and Linux distros.

    Thanks!
