🔒️ fix CVE-2020-11022

Author: ctcpip

src/core.js

@@ -953,13 +953,6 @@ jQuery.extend({
 
 			// Convert html string into DOM nodes
 			if ( typeof elem == "string" ) {
-				// Fix "XHTML"-style tags in all browsers
-				elem = elem.replace(/(<(\w+)[^>]*?)\/>/g, function(all, front, tag){
-					return tag.match(/^(abbr|br|col|img|input|link|meta|param|hr|area|embed)$/i) ?
-						all :
-						front + "></" + tag + ">";
-				});
-
 				// Trim whitespace, otherwise indexOf won't work as expected
 				var tags = jQuery.trim( elem ).toLowerCase(), div = context.createElement("div");
 

test/unit/core.js

@@ -39,7 +39,7 @@ test("$()", function() {
 	equals( code.length, 1, "Correct number of elements generated for code" );
 	var img = $("<img/>");
 	equals( img.length, 1, "Correct number of elements generated for img" );
-	var div = $("<div/><hr/><code/><b/>");
+	var div = $("<div></div><hr><code></code><b></b>");
 	equals( div.length, 4, "Correct number of elements generated for div hr code b" );
 
 	// can actually yield more than one, when iframes are included, the window is an array as well