Core: Preserve CSP nonce on scripts in DOM manipulation

Fixes gh-3541 Closes gh-4269
author: Michał Gołębiowski-Owczarek <m.goleb@gmail.com> 2019-01-14 19:29:54 +0100
committer: GitHub <noreply@github.com> 2019-01-14 19:29:54 +0100
commit: c7c2855ed13f23322c4064407c1ed84561b95738 (patch)
tree: 0bae25a4dd554f3066fdc1df65ecf6ea43d81752 /test/unit
parent: 9cb162f6b62b6d4403060a0f0d2065d3ae96bbcc (diff)
download: jquery-c7c2855ed13f23322c4064407c1ed84561b95738.tar.gz
jquery-c7c2855ed13f23322c4064407c1ed84561b95738.zip
1 files changed, 20 insertions, 0 deletions
diff --git a/test/unit/manipulation.js b/test/unit/manipulation.js
index 300add5ec..c8d5cdefe 100644
--- a/test/unit/manipulation.js
+++ b/test/unit/manipulation.js
@@ -2835,3 +2835,23 @@ QUnit.test( "Ignore content from unsuccessful responses (gh-4126)", 1, function(
 		jQuery.globalEval = globalEval;
 	}
 } );
+
+testIframe(
+	"Check if CSP nonce is preserved",
+	"mock.php?action=cspNonce",
+	function( assert, jQuery, window, document ) {
+		var done = assert.async();
+
+		assert.expect( 1 );
+
+		supportjQuery.get( baseURL + "support/csp.log" ).done( function( data ) {
+			assert.equal( data, "", "No log request should be sent" );
+			supportjQuery.get( baseURL + "mock.php?action=cspClean" ).done( done );
+		} );
+	},
+
+	// Support: Edge 18+
+	// Edge doesn't support nonce in non-inline scripts.
+	// See https://developer.microsoft.com/en-us/microsoft-edge/platform/issues/13246371/
+	QUnit[ /\bedge\//i.test( navigator.userAgent ) ? "skip" : "test" ]
+);
author	Michał Gołębiowski-Owczarek <m.goleb@gmail.com>	2019-01-14 19:29:54 +0100
committer	GitHub <noreply@github.com>	2019-01-14 19:29:54 +0100
commit	c7c2855ed13f23322c4064407c1ed84561b95738 (patch)
tree	0bae25a4dd554f3066fdc1df65ecf6ea43d81752 /test/unit
parent	9cb162f6b62b6d4403060a0f0d2065d3ae96bbcc (diff)
download	jquery-c7c2855ed13f23322c4064407c1ed84561b95738.tar.gz jquery-c7c2855ed13f23322c4064407c1ed84561b95738.zip