mirror of
https://github.com/jquery/jquery.git
synced 2024-11-23 02:54:22 +00:00
Manipulation: Respect script crossorigin attribute in DOM manipulation
Fixes gh-4542 Closes gh-4563 Co-authored-by: Michał Gołębiowski-Owczarek <m.goleb@gmail.com>
This commit is contained in:
parent
df6858df2e
commit
15ae361485
@ -157,7 +157,8 @@ function domManip( collection, args, callback, ignored ) {
|
|||||||
// Optional AJAX dependency, but won't run scripts if not present
|
// Optional AJAX dependency, but won't run scripts if not present
|
||||||
if ( jQuery._evalUrl && !node.noModule ) {
|
if ( jQuery._evalUrl && !node.noModule ) {
|
||||||
jQuery._evalUrl( node.src, {
|
jQuery._evalUrl( node.src, {
|
||||||
nonce: node.nonce || node.getAttribute( "nonce" )
|
nonce: node.nonce || node.getAttribute( "nonce" ),
|
||||||
|
crossOrigin: node.crossOrigin
|
||||||
}, doc );
|
}, doc );
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
|
@ -10,6 +10,7 @@ jQuery._evalUrl = function( url, options, doc ) {
|
|||||||
cache: true,
|
cache: true,
|
||||||
async: false,
|
async: false,
|
||||||
global: false,
|
global: false,
|
||||||
|
scriptAttrs: options.crossOrigin ? { "crossOrigin": options.crossOrigin } : undefined,
|
||||||
|
|
||||||
// Only evaluate the response if it is successful (gh-4126)
|
// Only evaluate the response if it is successful (gh-4126)
|
||||||
// dataFilter is not invoked for failure responses, so using it instead
|
// dataFilter is not invoked for failure responses, so using it instead
|
||||||
|
@ -54,7 +54,21 @@ class MockServer {
|
|||||||
} else {
|
} else {
|
||||||
header( 'Content-type: text/html' );
|
header( 'Content-type: text/html' );
|
||||||
}
|
}
|
||||||
echo 'QUnit.assert.ok( true, "mock executed" );';
|
|
||||||
|
if ( !empty( $req->query['cors'] ) ) {
|
||||||
|
header( "Access-Control-Allow-Origin: *" );
|
||||||
|
}
|
||||||
|
|
||||||
|
if ( !empty( $req->query['callback'] ) ) {
|
||||||
|
$headers = array_combine(
|
||||||
|
array_map( 'strtolower', array_keys( $req->headers ) ),
|
||||||
|
array_values( $req->headers )
|
||||||
|
);
|
||||||
|
|
||||||
|
echo $req->query['callback'] . "(" . json_encode( [ 'headers' => $headers ] ) . ")";
|
||||||
|
} else {
|
||||||
|
echo 'QUnit.assert.ok( true, "mock executed" );';
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// Used to be in test.js, but was renamed to testbar.php
|
// Used to be in test.js, but was renamed to testbar.php
|
||||||
|
@ -67,7 +67,18 @@ var mocks = {
|
|||||||
} else {
|
} else {
|
||||||
resp.writeHead( 200, { "content-type": "text/html" } );
|
resp.writeHead( 200, { "content-type": "text/html" } );
|
||||||
}
|
}
|
||||||
resp.end( "QUnit.assert.ok( true, \"mock executed\" );" );
|
|
||||||
|
if ( req.query.cors ) {
|
||||||
|
resp.writeHead( 200, { "access-control-allow-origin": "*" } );
|
||||||
|
}
|
||||||
|
|
||||||
|
if ( req.query.callback ) {
|
||||||
|
resp.end( req.query.callback + "(" + JSON.stringify( {
|
||||||
|
headers: req.headers
|
||||||
|
} ) + ")" );
|
||||||
|
} else {
|
||||||
|
resp.end( "QUnit.assert.ok( true, \"mock executed\" );" );
|
||||||
|
}
|
||||||
},
|
},
|
||||||
testbar: function( req, resp ) {
|
testbar: function( req, resp ) {
|
||||||
resp.writeHead( 200 );
|
resp.writeHead( 200 );
|
||||||
|
@ -2295,6 +2295,39 @@ testIframe(
|
|||||||
QUnit[ jQuery.ajax ? "test" : "skip" ]
|
QUnit[ jQuery.ajax ? "test" : "skip" ]
|
||||||
);
|
);
|
||||||
|
|
||||||
|
|
||||||
|
// We need to simulate cross-domain requests with the feature that
|
||||||
|
// both 127.0.0.1 and localhost point to the mock http server.
|
||||||
|
// Skip the the test if we are not in localhost but make sure we run
|
||||||
|
// it in Karma.
|
||||||
|
QUnit[
|
||||||
|
jQuery.ajax && ( window.__karma__ || location.hostname === "localhost" ) ?
|
||||||
|
"test" :
|
||||||
|
"skip"
|
||||||
|
]( "jQuery.append with crossorigin attribute", function( assert ) {
|
||||||
|
assert.expect( 1 );
|
||||||
|
|
||||||
|
var done = assert.async(),
|
||||||
|
timeout;
|
||||||
|
|
||||||
|
Globals.register( "corsCallback" );
|
||||||
|
window.corsCallback = function( response ) {
|
||||||
|
assert.ok( typeof response.headers.origin === "string", "Origin header sent" );
|
||||||
|
window.clearTimeout( timeout );
|
||||||
|
done();
|
||||||
|
};
|
||||||
|
|
||||||
|
var src = baseURL + "mock.php?action=script&cors=1&callback=corsCallback";
|
||||||
|
src = src.replace( "localhost", "127.0.0.1" );
|
||||||
|
var html = "<script type=\"text/javascript\" src=\"" + src + "\" crossorigin=\"anonymous\"><\/script>";
|
||||||
|
|
||||||
|
jQuery( document.body ).append( html );
|
||||||
|
timeout = window.setTimeout( function() {
|
||||||
|
assert.ok( false, "Origin header should have been sent" );
|
||||||
|
done();
|
||||||
|
}, 2000 );
|
||||||
|
} );
|
||||||
|
|
||||||
QUnit.test( "jQuery.clone - no exceptions for object elements #9587", function( assert ) {
|
QUnit.test( "jQuery.clone - no exceptions for object elements #9587", function( assert ) {
|
||||||
|
|
||||||
assert.expect( 1 );
|
assert.expect( 1 );
|
||||||
|
Loading…
Reference in New Issue
Block a user