
Commitda3dd85

skrobinsonmgol
authored andcommitted
Ajax: Do not execute scripts for unsuccessful HTTP responses
The script transport used to evaluate fetched script sources, which is undesirable for unsuccessful HTTP responses. This is different from other data types, where such a convention was fine (e.g. in the case of JSON).

(cherry picked from 50871a5)

Fixes gh-4250
Fixes gh-4655
Closes gh-4379
1 parent065143c commitda3dd85


4 files changed

+145
-0
lines changed


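--- a/src/ajax.js
+++ b/src/ajax.js
@@ -744,6 +744,11 @@ jQuery.extend( {
 response=ajaxHandleResponses(s,jqXHR,responses);
 }
 
+// Use a noop converter for missing script
+if(!isSuccess&&jQuery.inArray("script",s.dataTypes)>-1){
+s.converters["text script"]=function(){};
+}
+
 // Convert no matter what (that way responseXXX fields are always set)
 response=ajaxConvert(s,response,jqXHR,isSuccess);
 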
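Review bot: The comment on the added guard says "missing script", but the condition (`!isSuccess` plus `"script"` present in `s.dataTypes`) covers every unsuccessful response, not only a 404, and the assignment also replaces a caller-supplied `"text script"` converter. I would state that contract in the comment, e.g. `// Never evaluate the body of an unsuccessful response as script; this overrides any "text script" converter, including a caller-supplied one (gh-4250)`. The assignment writes to `s.converters` in place, which is safe only if `s.converters` is a per-request copy; this hunk does not show where `s` is built, so it is worth confirming that the default converter table is not overwritten for later requests. The enclosing function starts and ends outside the hunk.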

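--- a/test/data/mock.php
+++ b/test/data/mock.php
@@ -216,6 +216,19 @@ protected function cspClean( $req ) {
 unlink($this->cspFile );
 }
 
+protectedfunctionerrorWithScript($req ) {
+header('HTTP/1.0 404 Not Found' );
+if (isset($req->query['withScriptContentType'] ) ) {
+header('Content-Type: application/javascript' );
+}
+if (isset($req->query['callback'] ) ) {
+$callback =$req->query['callback'];
+echo$callback .'( {"status": 404, "msg": "Not Found"} )';
+}else {
+echo'QUnit.assert.ok( false, "Mock return erroneously executed" );';
+}
+}
+
 publicfunction__construct() {
 $this->cspFile =__DIR__ .'/support/csp.log';
 }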
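Review bot: `errorWithScript` echoes `$req->query['callback']` into the response body without validating it, and when `withScriptContentType` is absent no Content-Type header is set, so the value goes out under whatever default type the server applies. For a mock reachable only from the test runner this is low risk, but test servers do end up exposed, so I would accept only identifier-like callback names before echoing, e.g. `if ( !preg_match( '/^[\w.$]+$/', $callback ) ) { return; }`. The same unvalidated concatenation appears in `errorWithScript` in test/middleware-mockserver.js, where `req.query.callback` is prepended to the response string.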

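--- a/test/middleware-mockserver.js
+++ b/test/middleware-mockserver.js
@@ -226,6 +226,18 @@ var mocks = {
 cspLog="";
 resp.writeHead(200);
 resp.end();
+},
+errorWithScript:function(req,resp){
+if(req.query.withScriptContentType){
+resp.writeHead(404,{"Content-Type":"application/javascript"});
+}else{
+resp.writeHead(404);
+}
+if(req.query.callback){
+resp.end(req.query.callback+"( {\"status\": 404, \"msg\": \"Not Found\"} )");
+}else{
+resp.end("QUnit.assert.ok( false, \"Mock return erroneously executed\" );");
+}
 }
 };
 varhandlers={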
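Review bot: The Node mock checks `req.query.withScriptContentType` for truthiness, while the PHP mock in the same commit uses `isset(...)`, and the tests request `...&withScriptContentType` with no value. If the query parser yields an empty string for that key (the parsing is not visible in this hunk), this branch is skipped and the 404 is sent without `Content-Type: application/javascript`, so the "script reply" cases would silently behave like the "non-script reply" cases under this server. A presence check such as `if ( "withScriptContentType" in req.query ) {` would match the PHP behaviour. The `mocks` object starts outside the hunk.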

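--- a/test/unit/ajax.js
+++ b/test/unit/ajax.js
@@ -837,6 +837,121 @@ QUnit.module( "ajax", {
 };
 });
 
+ajaxTest("jQuery.ajax() - do not execute scripts from unsuccessful responses (gh-4250)",11,function(assert){
+varglobalEval=jQuery.globalEval;
+
+varfailConverters={
+"text script":function(){
+assert.ok(false,"No converter for unsuccessful response");
+}
+};
+
+functionrequest(title,options){
+vartestMsg=title+": expected file missing status";
+returnjQuery.extend({
+beforeSend:function(){
+jQuery.globalEval=function(){
+assert.ok(false,"Should not eval");
+};
+},
+complete:function(){
+jQuery.globalEval=globalEval;
+},
+// error is the significant assertion
+error:function(xhr){
+assert.strictEqual(xhr.status,404,testMsg);
+},
+success:function(){
+assert.ok(false,"Unanticipated success");
+}
+},options);
+}
+
+return[
+request(
+"HTML reply",
+{
+url:url("404.txt")
+}
+),
+request(
+"HTML reply with dataType",
+{
+dataType:"script",
+url:url("404.txt")
+}
+),
+request(
+"script reply",
+{
+url:url("mock.php?action=errorWithScript&withScriptContentType")
+}
+),
+request(
+"non-script reply",
+{
+url:url("mock.php?action=errorWithScript")
+}
+),
+request(
+"script reply with dataType",
+{
+dataType:"script",
+url:url("mock.php?action=errorWithScript&withScriptContentType")
+}
+),
+request(
+"non-script reply with dataType",
+{
+dataType:"script",
+url:url("mock.php?action=errorWithScript")
+}
+),
+request(
+"script reply with converter",
+{
+converters:failConverters,
+url:url("mock.php?action=errorWithScript&withScriptContentType")
+}
+),
+request(
+"non-script reply with converter",
+{
+converters:failConverters,
+url:url("mock.php?action=errorWithScript")
+}
+),
+request(
+"script reply with converter and dataType",
+{
+converters:failConverters,
+dataType:"script",
+url:url("mock.php?action=errorWithScript&withScriptContentType")
+}
+),
+request(
+"non-script reply with converter and dataType",
+{
+converters:failConverters,
+dataType:"script",
+url:url("mock.php?action=errorWithScript")
+}
+),
+request(
+"JSONP reply with dataType",
+{
+dataType:"jsonp",
+url:url("mock.php?action=errorWithScript"),
+beforeSend:function(){
+jQuery.globalEval=function(response){
+assert.ok(/"status":404,"msg":"NotFound"/.test(response),"Error object returned");
+};
+}
+}
+)
+];
+});
+
 ajaxTest("jQuery.ajax() - synchronous request",1,function(assert){
 return{
 url:url("json_obj.js"),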
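Review bot: The "JSONP reply with dataType" case supplies its own `beforeSend`, which replaces the shared one through `jQuery.extend`, and its `jQuery.globalEval` stub carries an assertion; with 11 requests each asserting once in `error`, the expected count of 11 holds only if that stub is never called. If the intent is that the JSONP error body is not evaluated, the stub should fail like the shared one (`assert.ok( false, "Should not eval" );`); if it is meant to run, the expected count should be 12. Separately, `jQuery.globalEval` is a global that each request overwrites in `beforeSend` and the first `complete` restores, so if these requests run concurrently (not visible in this hunk) later responses are no longer covered by the stub. A short comment stating the guard's scope, or restoring once after all requests have finished, would make that explicit.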
