On 28/08/12 13:04, Daniel Friesen wrote:
I still can't believe the high-level jQuery answer after all these years to "Select a div with an id provided by the user" is "Use `$( "div#" + userInput )` and hope there are no special characters. Or find some way to escape it yourself." when low-level dom can just query by ID and there is no reason for jQuery to force people to express everything in querys they parse when they could actually declare portions of a query with object notations.
I share your reservations about jQuery, I voiced them at the time it was introduced to MediaWiki. I trolled the proponents by musing about how awesome jQuery would be if the selector engine (Sizzle) were removed.
Personally, I would use document.getElementById() to do that. It's standard, and it's faster and more secure. More complex selectors derived from user input can be replaced with jQuery.filter() etc. with no loss of performance.
-- Tim Starling