library-mirrors/jquery
1
0
Fork 0
mirror of https://github.com/jquery/jquery.git synced 2024-11-23 02:54:22 +00:00
Code Issues Actions 9 Packages Projects Releases Wiki Activity

Revert "Ajax: Mitigate possible XSS vulnerability"

Browse Source 
This reverts commit b078a62013.
This commit is contained in:
Oleg Gaidarenko 2015-11-11 18:55:44 +03:00
parent 8dda094c7c
commit ad358fd62b
3 changed files with 1 additions and 56 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/ajax.js
View File

@ -223,7 +223,7 @@ function ajaxConvert( s, response, jqXHR, isSuccess ) {
if ( current ) {
// There's only work to do if current dataType is non-auto
// There's only work to do if current dataType is non-auto
if ( current === "*" ) {
current = prev;

7
src/ajax/script.js
View File

@ -4,13 +4,6 @@ define( [
"../ajax"
], function( jQuery, document ) {
// Prevent auto-execution of scripts when no explicit dataType was provided (See gh-2432)
jQuery.ajaxPrefilter( function( s ) {
if ( s.crossDomain ) {
s.contents.script = false;
}
} );
// Install script dataType
jQuery.ajaxSetup( {
accepts: {

48
test/unit/ajax.js
View File

@ -71,54 +71,6 @@ QUnit.module( "ajax", {
};
} );
ajaxTest( "jQuery.ajax() - do not execute js (crossOrigin)", 2, function( assert ) {
return {
create: function( options ) {
options.crossDomain = true;
return jQuery.ajax( url( "data/script.php?header=ecma" ), options );
},
success: function() {
assert.ok( true, "success" );
},
complete: function() {
assert.ok( true, "complete" );
}
};
} );
ajaxTest( "jQuery.ajax() - execute js for crossOrigin when dataType option is provided", 3,
function( assert ) {
return {
create: function( options ) {
options.crossDomain = true;
options.dataType = "script";
return jQuery.ajax( url( "data/script.php?header=ecma" ), options );
},
success: function() {
assert.ok( true, "success" );
},
complete: function() {
assert.ok( true, "complete" );
}
};
}
);
ajaxTest( "jQuery.ajax() - do not execute js (crossOrigin)", 2, function( assert ) {
return {
create: function( options ) {
options.crossDomain = true;
return jQuery.ajax( url( "data/script.php" ), options );
},
success: function() {
assert.ok( true, "success" );
},
complete: function() {
assert.ok( true, "complete" );
}
};
} );
ajaxTest( "jQuery.ajax() - success callbacks (late binding)", 8, function( assert ) {
return {
setup: addGlobalEvents( "ajaxStart ajaxStop ajaxSend ajaxComplete ajaxSuccess", assert ),