aboutsummaryrefslogtreecommitdiffstats
path: root/test/unit/ajax.js
diff options
context:
space:
mode:
authorMichał Gołębiowski-Owczarek <m.goleb@gmail.com>2021-01-26 15:58:29 +0100
committerGitHub <noreply@github.com>2021-01-26 15:58:29 +0100
commit025da4dd343e6734f3d3c1b4785b1548498115d8 (patch)
tree6c5d93a976296645953818d7a922a5531827be12 /test/unit/ajax.js
parenta32cf6324f8f2190e66a687e94be9687ebf840b7 (diff)
downloadjquery-025da4dd343e6734f3d3c1b4785b1548498115d8.tar.gz
jquery-025da4dd343e6734f3d3c1b4785b1548498115d8.zip
Ajax: Don't auto-execute scripts unless dataType provided
PR gh-2588 made jQuery stop auto-execute cross-domain scripts unless `dataType: "script"` was explicitly provided; this change landed in jQuery 3.0.0. This change extends that logic same-domain scripts as well. After this change, to request a script under a provided URL to be evaluated, you need to provide `dataType: "script` in `jQuery.ajax` options or to use `jQuery.getScript`. Fixes gh-4822 Closes gh-4825 Ref gh-2432 Ref gh-2588
Diffstat (limited to 'test/unit/ajax.js')
-rw-r--r--test/unit/ajax.js71
1 files changed, 23 insertions, 48 deletions
diff --git a/test/unit/ajax.js b/test/unit/ajax.js
index 271496ce1..4ab17e8eb 100644
--- a/test/unit/ajax.js
+++ b/test/unit/ajax.js
@@ -71,13 +71,20 @@ QUnit.module( "ajax", {
};
} );
- ajaxTest( "jQuery.ajax() - execute js for crossOrigin when dataType option is provided", 3,
+ ajaxTest( "jQuery.ajax() - custom attributes for script tag", 5,
function( assert ) {
return {
create: function( options ) {
- options.crossDomain = true;
+ var xhr;
+ options.method = "POST";
options.dataType = "script";
- return jQuery.ajax( url( "mock.php?action=script&header=ecma" ), options );
+ options.scriptAttrs = { id: "jquery-ajax-test", async: "async" };
+ xhr = jQuery.ajax( url( "mock.php?action=script" ), options );
+ assert.equal( jQuery( "#jquery-ajax-test" ).attr( "async" ), "async", "attr value" );
+ return xhr;
+ },
+ beforeSend: function( _jqXhr, settings ) {
+ assert.strictEqual( settings.type, "GET", "Type changed to GET" );
},
success: function() {
assert.ok( true, "success" );
@@ -89,20 +96,13 @@ QUnit.module( "ajax", {
}
);
- ajaxTest( "jQuery.ajax() - custom attributes for script tag", 5,
+ ajaxTest( "jQuery.ajax() - execute JS when dataType option is provided", 3,
function( assert ) {
return {
create: function( options ) {
- var xhr;
- options.method = "POST";
+ options.crossDomain = true;
options.dataType = "script";
- options.scriptAttrs = { id: "jquery-ajax-test", async: "async" };
- xhr = jQuery.ajax( url( "mock.php?action=script" ), options );
- assert.equal( jQuery( "#jquery-ajax-test" ).attr( "async" ), "async", "attr value" );
- return xhr;
- },
- beforeSend: function( _jqXhr, settings ) {
- assert.strictEqual( settings.type, "GET", "Type changed to GET" );
+ return jQuery.ajax( url( "mock.php?action=script&header=ecma" ), options );
},
success: function() {
assert.ok( true, "success" );
@@ -114,22 +114,16 @@ QUnit.module( "ajax", {
}
);
- ajaxTest( "jQuery.ajax() - do not execute js (crossOrigin)", 2, function( assert ) {
- return {
- create: function( options ) {
- options.crossDomain = true;
- return jQuery.ajax( url( "mock.php?action=script&header" ), options );
- },
- success: function() {
- assert.ok( true, "success" );
- },
- fail: function() {
- assert.ok( false, "fail" );
- },
- complete: function() {
- assert.ok( true, "complete" );
- }
- };
+ jQuery.each( [ " - Same Domain", " - Cross Domain" ], function( crossDomain, label ) {
+ ajaxTest( "jQuery.ajax() - do not execute JS (gh-2432, gh-4822) " + label, 1, function( assert ) {
+ return {
+ url: url( "mock.php?action=script&header" ),
+ crossDomain: crossDomain,
+ success: function() {
+ assert.ok( true, "success" );
+ }
+ };
+ } );
} );
ajaxTest( "jQuery.ajax() - success callbacks (late binding)", 8, function( assert ) {
@@ -1439,25 +1433,6 @@ QUnit.module( "ajax", {
};
} );
- ajaxTest( "jQuery.ajax() - script by content-type", 2, function() {
- return [
- {
- url: baseURL + "mock.php?action=script",
- data: {
- "header": "script"
- },
- success: true
- },
- {
- url: baseURL + "mock.php?action=script",
- data: {
- "header": "ecma"
- },
- success: true
- }
- ];
- } );
-
ajaxTest( "jQuery.ajax() - JSON by content-type", 5, function( assert ) {
return {
url: baseURL + "mock.php?action=json",