jQuery 1.6.3 RC1 Released

jquery 1.6.3 released

The new jQuery Javascript library, jQuery 1.6.3 Release Candidate 1, was made publicly available two days ago from the jQuery website.

Notable Changes

  • Fixed a cross site scripting attack vector: Script injection used to be possible when using location.hash to select elements. The new release disallows the use of html tags and, therefore scripts, in the $() if there is a # preceding it.
  • Removed support for requestAnimationFrame API: This API would tell the browser when to repaint an animation. The feature was unfortunately mis-used and caused an animation “worm hole” as the browser would execute queued animations concurrently when the browser tab went from inactive to active. Try it out here:

    In most cases, all you really had to do was empty the animation queue before executing and new animation. Scrapping this API to (seemingly) just reduce the number of bug reports is a bit like a waste in my opinion.
  • Better handling of HTML5 attributes: The .data() API has been improved to further support HTML 5 data attributes.

Report a Bug

Here are the new releases, throw them on your site (or link to them) and see how they fare:

You’d be doing the online developement community a huge service by reporting any bugs on JsFiddle using the jQuery(edge) option.