// Bind script tag hack transport
jQuery.ajaxTransport( "script", function( s ) {
- // This transport only deals with cross domain requests
- if ( s.crossDomain ) {
+ // This transport only deals with cross domain or forced-by-attrs requests
+ if ( s.crossDomain || s.scriptAttrs ) {
var script, callback;
return {
send: function( _, complete ) {
script = jQuery( "<script>" ).prop( {
charset: s.scriptCharset,
src: s.url
- } ).on(
+ } ).attr( s.scriptAttrs || {} ).on(
"load error",
callback = function( evt ) {
script.remove();
}
);
+ ajaxTest( "jQuery.ajax() - custom attributes for script tag", 4,
+ function( assert ) {
+ var nonceValue = "0123456789";
+ return {
+ create: function( options ) {
+ var xhr;
+ options.dataType = "script";
+ options.scriptAttrs = { id: "jquery-ajax-test", nonce: nonceValue };
+ xhr = jQuery.ajax( url( "data/script.php?header=ecma" ), options );
+ // Ensure the script tag has the nonce attr on it
+ assert.ok( nonceValue === jQuery( "#jquery-ajax-test" ).attr( "nonce" ), "nonce value" );
+ return xhr;
+ },
+ success: function() {
+ assert.ok( true, "success" );
+ },
+ complete: function() {
+ assert.ok( true, "complete" );
+ }
+ };
+ }
+ );
+
ajaxTest( "jQuery.ajax() - do not execute js (crossOrigin)", 2, function( assert ) {
return {
create: function( options ) {
projects / jquery.git / commitdiff