Commit15ae361

gaohuia

and

mgol

authored

Manipulation: Respect script crossorigin attribute in DOM manipulation

Fixesgh-4542Closesgh-4563Co-authored-by: Michał Gołębiowski-Owczarek <m.goleb@gmail.com>

1 parentdf6858d commit15ae361Copy full SHA for 15ae361

File tree

5 files changed

+63

-3

lines changed

src
- manipulation.js
- manipulation
  - _evalUrl.js
test
- data
  - mock.php
- middleware-mockserver.js
- unit
  - manipulation.js

5 files changed

+63

-3

lines changed

`‎src/manipulation.js`

Lines changed: 2 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -157,7 +157,8 @@ function domManip( collection, args, callback, ignored ) {`
`157`	`157`	`// Optional AJAX dependency, but won't run scripts if not present`
`158`	`158`	`if(jQuery._evalUrl&&!node.noModule){`
`159`	`159`	`jQuery._evalUrl(node.src,{`
`160`		`-nonce:node.nonce\|\|node.getAttribute("nonce")`
	`160`	`+nonce:node.nonce\|\|node.getAttribute("nonce"),`
	`161`	`+crossOrigin:node.crossOrigin`
`161`	`162`	`},doc);`
`162`	`163`	`}`
`163`	`164`	`}else{`

`‎src/manipulation/_evalUrl.js`

Lines changed: 1 addition & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -10,6 +10,7 @@ jQuery._evalUrl = function( url, options, doc ) {`
`10`	`10`	`cache:true,`
`11`	`11`	`async:false,`
`12`	`12`	`global:false,`
	`13`	`+scriptAttrs:options.crossOrigin ?{"crossOrigin":options.crossOrigin} :undefined,`
`13`	`14`
`14`	`15`	`// Only evaluate the response if it is successful (gh-4126)`
`15`	`16`	`// dataFilter is not invoked for failure responses, so using it instead`

`‎test/data/mock.php`

Lines changed: 15 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -54,7 +54,21 @@ protected function script( $req ) {`
`54`	`54`	`}else {`
`55`	`55`	`header('Content-type: text/html' );`
`56`	`56`	`}`
`57`		`-echo'QUnit.assert.ok( true, "mock executed" );';`
	`57`	`+`
	`58`	`+if ( !empty($req->query['cors'] ) ) {`
	`59`	`+header("Access-Control-Allow-Origin: *" );`
	`60`	`+}`
	`61`	`+`
	`62`	`+if ( !empty($req->query['callback'] ) ) {`
	`63`	`+$headers =array_combine(`
	`64`	`+array_map('strtolower',array_keys($req->headers ) ),`
	`65`	`+array_values($req->headers )`
	`66`	`+);`
	`67`	`+`
	`68`	`+echo$req->query['callback'] ."(" .json_encode( ['headers' =>$headers ] ) .")";`
	`69`	`+}else {`
	`70`	`+echo'QUnit.assert.ok( true, "mock executed" );';`
	`71`	`+}`
`58`	`72`	`}`
`59`	`73`
`60`	`74`	`// Used to be in test.js, but was renamed to testbar.php`

`‎test/middleware-mockserver.js`

Lines changed: 12 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -67,7 +67,18 @@ var mocks = {`
`67`	`67`	`}else{`
`68`	`68`	`resp.writeHead(200,{"content-type":"text/html"});`
`69`	`69`	`}`
`70`		`-resp.end("QUnit.assert.ok( true, \"mock executed\" );");`
	`70`	`+`
	`71`	`+if(req.query.cors){`
	`72`	`+resp.writeHead(200,{"access-control-allow-origin":"*"});`
	`73`	`+}`
	`74`	`+`
	`75`	`+if(req.query.callback){`
	`76`	`+resp.end(req.query.callback+"("+JSON.stringify({`
	`77`	`+headers:req.headers`
	`78`	`+})+")");`
	`79`	`+}else{`
	`80`	`+resp.end("QUnit.assert.ok( true, \"mock executed\" );");`
	`81`	`+}`
`71`	`82`	`},`
`72`	`83`	`testbar:function(req,resp){`
`73`	`84`	`resp.writeHead(200);`

`‎test/unit/manipulation.js`

Lines changed: 33 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -2295,6 +2295,39 @@ testIframe(`
`2295`	`2295`	`QUnit[jQuery.ajax ?"test" :"skip"]`
`2296`	`2296`	`);`
`2297`	`2297`
	`2298`	`+`
	`2299`	`+// We need to simulate cross-domain requests with the feature that`
	`2300`	`+// both 127.0.0.1 and localhost point to the mock http server.`
	`2301`	`+// Skip the the test if we are not in localhost but make sure we run`
	`2302`	`+// it in Karma.`
	`2303`	`+QUnit[`
	`2304`	`+jQuery.ajax&&(window.__karma__\|\|location.hostname==="localhost") ?`
	`2305`	`+"test" :`
	`2306`	`+"skip"`
	`2307`	`+]("jQuery.append with crossorigin attribute",function(assert){`
	`2308`	`+assert.expect(1);`
	`2309`	`+`
	`2310`	`+vardone=assert.async(),`
	`2311`	`+timeout;`
	`2312`	`+`
	`2313`	`+Globals.register("corsCallback");`
	`2314`	`+window.corsCallback=function(response){`
	`2315`	`+assert.ok(typeofresponse.headers.origin==="string","Origin header sent");`
	`2316`	`+window.clearTimeout(timeout);`
	`2317`	`+done();`
	`2318`	`+};`
	`2319`	`+`
	`2320`	`+varsrc=baseURL+"mock.php?action=script&cors=1&callback=corsCallback";`
	`2321`	`+src=src.replace("localhost","127.0.0.1");`
	`2322`	`+varhtml="<script type=\"text/javascript\" src=\""+src+"\" crossorigin=\"anonymous\"><\/script>";`
	`2323`	`+`
	`2324`	`+jQuery(document.body).append(html);`
	`2325`	`+timeout=window.setTimeout(function(){`
	`2326`	`+assert.ok(false,"Origin header should have been sent");`
	`2327`	`+done();`
	`2328`	`+},2000);`
	`2329`	`+});`
	`2330`	`+`
`2298`	`2331`	`QUnit.test("jQuery.clone - no exceptions for object elements #9587",function(assert){`
`2299`	`2332`
`2300`	`2333`	`assert.expect(1);`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit15ae361

File tree

5 files changed

5 files changed

`‎src/manipulation.js`

`‎src/manipulation/_evalUrl.js`

`‎test/data/mock.php`

`‎test/middleware-mockserver.js`

`‎test/unit/manipulation.js`

0 commit comments