From ad358fd62b0ab548abe379594ea00441940461f6 Mon Sep 17 00:00:00 2001
From: Oleg Gaidarenko <markelog@gmail.com>
Date: Wed, 11 Nov 2015 18:55:44 +0300
Subject: [PATCH] Revert "Ajax: Mitigate possible XSS vulnerability"

This reverts commit b078a62013782c7424a4a61a240c23c4c0b42614.
---
 src/ajax.js        |  2 +-
 src/ajax/script.js |  7 -------
 test/unit/ajax.js  | 48 ----------------------------------------------
 3 files changed, 1 insertion(+), 56 deletions(-)

diff --git a/src/ajax.js b/src/ajax.js
index bb69cf1d3..4feed36b5 100644
--- a/src/ajax.js
+++ b/src/ajax.js
@@ -223,7 +223,7 @@ function ajaxConvert( s, response, jqXHR, isSuccess ) {
 
 		if ( current ) {
 
-			// There's only work to do if current dataType is non-auto
+		// There's only work to do if current dataType is non-auto
 			if ( current === "*" ) {
 
 				current = prev;
diff --git a/src/ajax/script.js b/src/ajax/script.js
index 485ba397b..945bea9da 100644
--- a/src/ajax/script.js
+++ b/src/ajax/script.js
@@ -4,13 +4,6 @@ define( [
 	"../ajax"
 ], function( jQuery, document ) {
 
-// Prevent auto-execution of scripts when no explicit dataType was provided (See gh-2432)
-jQuery.ajaxPrefilter( function( s ) {
-	if ( s.crossDomain ) {
-		s.contents.script = false;
-	}
-} );
-
 // Install script dataType
 jQuery.ajaxSetup( {
 	accepts: {
diff --git a/test/unit/ajax.js b/test/unit/ajax.js
index 4eb70cad8..8e7cc06f4 100644
--- a/test/unit/ajax.js
+++ b/test/unit/ajax.js
@@ -71,54 +71,6 @@ QUnit.module( "ajax", {
 		};
 	} );
 
-	ajaxTest( "jQuery.ajax() - do not execute js (crossOrigin)", 2, function( assert ) {
-		return {
-			create: function( options ) {
-				options.crossDomain = true;
-				return jQuery.ajax( url( "data/script.php?header=ecma" ), options );
-			},
-			success: function() {
-				assert.ok( true, "success" );
-			},
-			complete: function() {
-				assert.ok( true, "complete" );
-			}
-		};
-	} );
-
-	ajaxTest( "jQuery.ajax() - execute js for crossOrigin when dataType option is provided", 3,
-		function( assert ) {
-			return {
-				create: function( options ) {
-					options.crossDomain = true;
-					options.dataType = "script";
-					return jQuery.ajax( url( "data/script.php?header=ecma" ), options );
-				},
-				success: function() {
-					assert.ok( true, "success" );
-				},
-				complete: function() {
-					assert.ok( true, "complete" );
-				}
-			};
-		}
-	);
-
-	ajaxTest( "jQuery.ajax() - do not execute js (crossOrigin)", 2, function( assert ) {
-		return {
-			create: function( options ) {
-				options.crossDomain = true;
-				return jQuery.ajax( url( "data/script.php" ), options );
-			},
-			success: function() {
-				assert.ok( true, "success" );
-			},
-			complete: function() {
-				assert.ok( true, "complete" );
-			}
-		};
-	} );
-
 	ajaxTest( "jQuery.ajax() - success callbacks (late binding)", 8, function( assert ) {
 		return {
 			setup: addGlobalEvents( "ajaxStart ajaxStop ajaxSend ajaxComplete ajaxSuccess", assert ),
-- 
2.39.5