Commit025da4d

authored
Ajax: Don't auto-execute scripts unless dataType provided
PR gh-2588 made jQuery stop auto-executing cross-domain scripts unless `dataType: "script"` was explicitly provided; this change landed in jQuery 3.0.0. This change extends that logic to same-domain scripts as well.

After this change, to request a script under a provided URL to be evaluated, you need to provide `dataType: "script"` in `jQuery.ajax` options or to use `jQuery.getScript`.

Fixes gh-4822
Closes gh-4825
Ref gh-2432
Ref gh-2588
1 parenta32cf63 commit025da4d

2 files changed

+25
-59
lines changed


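--- a/src/ajax/script.js
+++ b/src/ajax/script.js
@@ -19,22 +19,13 @@ function canUseScriptTag( s ) {
 (s.async&&jQuery.inArray("json",s.dataTypes)<0);
 }
 
-// Prevent auto-execution of scripts when no explicit dataType was provided (See gh-2432)
-jQuery.ajaxPrefilter(function(s){
-if(s.crossDomain){
-s.contents.script=false;
-}
-});
-
-// Install script dataType
+// Install script dataType. Don't specify `content.script` so that an explicit
+// `dataType: "script"` is required (see gh-2432, gh-4822)
 jQuery.ajaxSetup({
 accepts:{
 script:"text/javascript, application/javascript, "+
 "application/ecmascript, application/x-ecmascript"
 },
-contents:{
-script:/\b(?:java|ecma)script\b/
-},
 converters:{
 "text script":function(text){
 jQuery.globalEval(text);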
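Review bot: The added comment above `jQuery.ajaxSetup` refers to `content.script`, but the key this hunk removes is `contents.script`, so the comment names a setting that does not exist; it should read `contents.script`. The comment could also state the consequence: with no `contents.script` pattern the response Content-Type no longer selects the `"text script"` converter, which still hands the body to `jQuery.globalEval`, so evaluation now depends only on the caller passing `dataType: "script"`. Code that re-adds a `contents.script` pattern through `jQuery.ajaxSetup` would presumably restore the old auto-execution, which is worth a line in the upgrade notes. The `ajaxSetup` call continues past the end of the hunk.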

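--- a/test/unit/ajax.js
+++ b/test/unit/ajax.js
@@ -71,13 +71,20 @@ QUnit.module( "ajax", {
 };
 });
 
-ajaxTest("jQuery.ajax() -execute js forcrossOrigin when dataType option is provided",3,
+ajaxTest("jQuery.ajax() -custom attributes forscript tag",5,
 function(assert){
 return{
 create:function(options){
-options.crossDomain=true;
+varxhr;
+options.method="POST";
 options.dataType="script";
-returnjQuery.ajax(url("mock.php?action=script&header=ecma"),options);
+options.scriptAttrs={id:"jquery-ajax-test",async:"async"};
+xhr=jQuery.ajax(url("mock.php?action=script"),options);
+assert.equal(jQuery("#jquery-ajax-test").attr("async"),"async","attr value");
+returnxhr;
+},
+beforeSend:function(_jqXhr,settings){
+assert.strictEqual(settings.type,"GET","Type changed to GET");
 },
 success:function(){
 assert.ok(true,"success");
@@ -89,20 +96,13 @@ QUnit.module( "ajax", {
 }
 );
 
-ajaxTest("jQuery.ajax() -custom attributes for script tag",5,
+ajaxTest("jQuery.ajax() -execute JS when dataType option is provided",3,
 function(assert){
 return{
 create:function(options){
-varxhr;
-options.method="POST";
+options.crossDomain=true;
 options.dataType="script";
-options.scriptAttrs={id:"jquery-ajax-test",async:"async"};
-xhr=jQuery.ajax(url("mock.php?action=script"),options);
-assert.equal(jQuery("#jquery-ajax-test").attr("async"),"async","attr value");
-returnxhr;
-},
-beforeSend:function(_jqXhr,settings){
-assert.strictEqual(settings.type,"GET","Type changed to GET");
+returnjQuery.ajax(url("mock.php?action=script&header=ecma"),options);
 },
 success:function(){
 assert.ok(true,"success");
@@ -114,22 +114,16 @@ QUnit.module( "ajax", {
 }
 );
 
-ajaxTest("jQuery.ajax() - do not execute js (crossOrigin)",2,function(assert){
-return{
-create:function(options){
-options.crossDomain=true;
-returnjQuery.ajax(url("mock.php?action=script&header"),options);
-},
-success:function(){
-assert.ok(true,"success");
-},
-fail:function(){
-assert.ok(false,"fail");
-},
-complete:function(){
-assert.ok(true,"complete");
-}
-};
+jQuery.each([" - Same Domain"," - Cross Domain"],function(crossDomain,label){
+ajaxTest("jQuery.ajax() - do not execute JS (gh-2432, gh-4822) "+label,1,function(assert){
+return{
+url:url("mock.php?action=script&header"),
+crossDomain:crossDomain,
+success:function(){
+assert.ok(true,"success");
+}
+};
+});
 });
 
 ajaxTest("jQuery.ajax() - success callbacks (late binding)",8,function(assert){
@@ -1439,25 +1433,6 @@ QUnit.module( "ajax", {
 };
 });
 
-ajaxTest("jQuery.ajax() - script by content-type",2,function(){
-return[
-{
-url:baseURL+"mock.php?action=script",
-data:{
-"header":"script"
-},
-success:true
-},
-{
-url:baseURL+"mock.php?action=script",
-data:{
-"header":"ecma"
-},
-success:true
-}
-];
-});
-
 ajaxTest("jQuery.ajax() - JSON by content-type",5,function(assert){
 return{
 url:baseURL+"mock.php?action=json",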
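Review bot: In the new `do not execute JS (gh-2432, gh-4822)` tests of the third hunk, nothing in the test body checks that the response was not evaluated; the only guard appears to be the expected assertion count of 1, which would be exceeded if the mock script ran and made its own assertion (the mock is not visible here, so that is an inference). A comment such as `// The mock script asserts when evaluated, so the expected count of 1 fails if it runs` would make the mechanism explicit. The `crossDomain` setting receives the array index from `jQuery.each`, so it is `0` or `1` rather than a boolean; `crossDomain: !!crossDomain` reads more clearly. The removed content-type test in the last hunk covered both `header=script` and `header=ecma`, while the negative test requests only `header`, so adding an `ecma` variant would keep both response types covered.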
