diff options
author | Michał Gołębiowski-Owczarek <m.goleb@gmail.com> | 2021-01-26 15:58:29 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-01-26 15:58:29 +0100 |
commit | 025da4dd343e6734f3d3c1b4785b1548498115d8 (patch) | |
tree | 6c5d93a976296645953818d7a922a5531827be12 /test | |
parent | a32cf6324f8f2190e66a687e94be9687ebf840b7 (diff) | |
download | jquery-025da4dd343e6734f3d3c1b4785b1548498115d8.tar.gz jquery-025da4dd343e6734f3d3c1b4785b1548498115d8.zip |
Ajax: Don't auto-execute scripts unless dataType provided
PR gh-2588 made jQuery stop auto-execute cross-domain scripts unless
`dataType: "script"` was explicitly provided; this change landed in jQuery
3.0.0. This change extends that logic same-domain scripts as well.
After this change, to request a script under a provided URL to be evaluated,
you need to provide `dataType: "script` in `jQuery.ajax` options or to use
`jQuery.getScript`.
Fixes gh-4822
Closes gh-4825
Ref gh-2432
Ref gh-2588
Diffstat (limited to 'test')
-rw-r--r-- | test/unit/ajax.js | 71 |
1 files changed, 23 insertions, 48 deletions
diff --git a/test/unit/ajax.js b/test/unit/ajax.js index 271496ce1..4ab17e8eb 100644 --- a/test/unit/ajax.js +++ b/test/unit/ajax.js @@ -71,13 +71,20 @@ QUnit.module( "ajax", { }; } ); - ajaxTest( "jQuery.ajax() - execute js for crossOrigin when dataType option is provided", 3, + ajaxTest( "jQuery.ajax() - custom attributes for script tag", 5, function( assert ) { return { create: function( options ) { - options.crossDomain = true; + var xhr; + options.method = "POST"; options.dataType = "script"; - return jQuery.ajax( url( "mock.php?action=script&header=ecma" ), options ); + options.scriptAttrs = { id: "jquery-ajax-test", async: "async" }; + xhr = jQuery.ajax( url( "mock.php?action=script" ), options ); + assert.equal( jQuery( "#jquery-ajax-test" ).attr( "async" ), "async", "attr value" ); + return xhr; + }, + beforeSend: function( _jqXhr, settings ) { + assert.strictEqual( settings.type, "GET", "Type changed to GET" ); }, success: function() { assert.ok( true, "success" ); @@ -89,20 +96,13 @@ QUnit.module( "ajax", { } ); - ajaxTest( "jQuery.ajax() - custom attributes for script tag", 5, + ajaxTest( "jQuery.ajax() - execute JS when dataType option is provided", 3, function( assert ) { return { create: function( options ) { - var xhr; - options.method = "POST"; + options.crossDomain = true; options.dataType = "script"; - options.scriptAttrs = { id: "jquery-ajax-test", async: "async" }; - xhr = jQuery.ajax( url( "mock.php?action=script" ), options ); - assert.equal( jQuery( "#jquery-ajax-test" ).attr( "async" ), "async", "attr value" ); - return xhr; - }, - beforeSend: function( _jqXhr, settings ) { - assert.strictEqual( settings.type, "GET", "Type changed to GET" ); + return jQuery.ajax( url( "mock.php?action=script&header=ecma" ), options ); }, success: function() { assert.ok( true, "success" ); @@ -114,22 +114,16 @@ QUnit.module( "ajax", { } ); - ajaxTest( "jQuery.ajax() - do not execute js (crossOrigin)", 2, function( assert ) { - return { - create: function( options ) { - options.crossDomain = true; - return jQuery.ajax( url( "mock.php?action=script&header" ), options ); - }, - success: function() { - assert.ok( true, "success" ); - }, - fail: function() { - assert.ok( false, "fail" ); - }, - complete: function() { - assert.ok( true, "complete" ); - } - }; + jQuery.each( [ " - Same Domain", " - Cross Domain" ], function( crossDomain, label ) { + ajaxTest( "jQuery.ajax() - do not execute JS (gh-2432, gh-4822) " + label, 1, function( assert ) { + return { + url: url( "mock.php?action=script&header" ), + crossDomain: crossDomain, + success: function() { + assert.ok( true, "success" ); + } + }; + } ); } ); ajaxTest( "jQuery.ajax() - success callbacks (late binding)", 8, function( assert ) { @@ -1439,25 +1433,6 @@ QUnit.module( "ajax", { }; } ); - ajaxTest( "jQuery.ajax() - script by content-type", 2, function() { - return [ - { - url: baseURL + "mock.php?action=script", - data: { - "header": "script" - }, - success: true - }, - { - url: baseURL + "mock.php?action=script", - data: { - "header": "ecma" - }, - success: true - } - ]; - } ); - ajaxTest( "jQuery.ajax() - JSON by content-type", 5, function( assert ) { return { url: baseURL + "mock.php?action=json", |