Follow us on X (Twitter)  Like us on Facebook  Connect with us on LinkedIn  Subscribe to our YouTube Channel  Subscribe to our WhatsApp Group

jQuery Team has released version 3.5, that includes some new features, security bug fixes and more. According to the team, the main change in this release is a security fix, and it's possible you will need to change your own code to adapt.


Here's everything that you like to know about the latest changes, and how to download the latest version of jQuery 3.5.


jQuery 3.5 is now available with new features and fixes to XSS vulnerability


In jQuery 3.5, they have introduced a small feature that will include the ability to add a context to jQuery.globalEval. This was done as part of fixing a bug with script execution in iframes.


The main update in this release of jQuery 3.5 includes a cross-site scripting (XSS) vulnerability found in the jQuery’s HTML parser. Prior to this release, jQuery used a regex in its jQuery.htmlPrefilter method to ensure that all closing tags were XHTML-compliant when passed to methods. But sometimes the regex was introducing this cross-site scripting (XSS) vulnerability. With this release, the jQuery.htmlPrefilter function won't not use any regex and will pass the string unchanged.


In case you need the old behavior, you can use the latest version of the jQuery migrate plugin which provides a function to restore the old jQuery.htmlPrefilter. After including the plugin you can call jQuery.UNSAFE_restoreLegacyHtmlPrefilter() and jQuery will again ensure XHTML-compliant closing tags.


Earlier jQuery used to evaluate any response to a request for a script as a script, which is not always the desired behavior. The jQuery 3.5 will now only evaluate successful HTTP responses.


Apart from this, jQuery 3.5 deprecates jQuery.trim in favor of JavaScript's own String.prototype.trim(). So, while migrating to latest library, please take a note about this changes.


The jQuery team also announced the release of a slim version of jQuery that excludes ajax, or one of the many standalone libraries that focus on ajax requests. Though the size of jQuery is very rarely a load performance concern these days, but the slim build is about 6k gzipped bytes smaller than the regular version.


You can get the latest version of jQuery files from the jQuery CDN, or link to them directly: (uncompressed) (compressed/minified) (uncompressed, slim) (compressed/minified, slim)



Have a question? Or, a comment? Let's Discuss it below...


Thank you for visiting our website!

We value your engagement and would love to hear your thoughts. Don't forget to leave a comment below to share your feedback, opinions, or questions.

We believe in fostering an interactive and inclusive community, and your comments play a crucial role in creating that environment.