library-mirrors/jquery
1
0
Fork 0
mirror of https://github.com/jquery/jquery.git synced 2025-01-10 18:24:24 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Revert "Ajax: Mitigate possible XSS vulnerability"

Browse Source 
This reverts commit f60729f390.

Fixes gh-3011
Refs ad358fd62b
This commit is contained in:
Michał Gołębiowski 2016-03-23 12:44:29 +01:00
parent 22ce99ad3c
commit cfe830eefd
2 changed files with 0 additions and 45 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
src/ajax/script.js
View File

@ -4,13 +4,6 @@ define( [
"../ajax"
], function( jQuery, document ) {
// Prevent auto-execution of scripts when no explicit dataType was provided (See gh-2432)
jQuery.ajaxPrefilter( function( s ) {
if ( s.crossDomain ) {
s.contents.script = false;
}
} );
// Install script dataType
jQuery.ajaxSetup( {
accepts: {

38
test/unit/ajax.js
View File

@ -85,44 +85,6 @@ QUnit.module( "ajax", {
};
} );
ajaxTest( "jQuery.ajax() - execute js for crossOrigin when dataType option is provided", 3,
function( assert ) {
return {
create: function( options ) {
options.crossDomain = true;
options.dataType = "script";
return jQuery.ajax( url( "data/script.php?header=ecma" ), options );
},
success: function() {
assert.ok( true, "success" );
},
complete: function() {
assert.ok( true, "complete" );
}
};
}
);
ajaxTest( "jQuery.ajax() - do not execute js (crossOrigin)", 2, function( assert ) {
return {
create: function( options ) {
options.crossDomain = true;
return jQuery.ajax( url( "data/script.php" ), options );
},
success: function() {
assert.ok( true, "success" );
},
fail: function() {
if ( jQuery.support.cors === false ) {
assert.ok( true, "fail" );
}
},
complete: function() {
assert.ok( true, "complete" );
}
};
} );
ajaxTest( "jQuery.ajax() - success callbacks (late binding)", 8, function( assert ) {
return {
setup: addGlobalEvents( "ajaxStart ajaxStop ajaxSend ajaxComplete ajaxSuccess", assert ),