diff options
| -rw-r--r-- | src/manipulation/_evalUrl.js | 9 | ||||
| -rw-r--r-- | test/unit/manipulation.js | 17 |
2 files changed, 24 insertions, 2 deletions
diff --git a/src/manipulation/_evalUrl.js b/src/manipulation/_evalUrl.js index f9ec7027c..1ed033673 100644 --- a/src/manipulation/_evalUrl.js +++ b/src/manipulation/_evalUrl.js @@ -10,11 +10,16 @@ jQuery._evalUrl = function( url ) { // Make this explicit, since user can override this through ajaxSetup (#11264) type: "GET", - dataType: "script", + dataType: "text", cache: true, async: false, global: false, - "throws": true + "throws": true, + + // Only evaluate the response if it is successful (gh-4126) + success: function( text ) { + jQuery.globalEval( text ); + } } ); }; diff --git a/test/unit/manipulation.js b/test/unit/manipulation.js index ddb04c7d6..300add5ec 100644 --- a/test/unit/manipulation.js +++ b/test/unit/manipulation.js @@ -2818,3 +2818,20 @@ QUnit.test( "Insert script with data-URI (gh-1887)", 1, function( assert ) { done(); }, 100 ); } ); + +QUnit.test( "Ignore content from unsuccessful responses (gh-4126)", 1, function( assert ) { + var globalEval = jQuery.globalEval; + jQuery.globalEval = function( code ) { + assert.ok( false, "no attempt to evaluate code from an unsuccessful response" ); + }; + + try { + jQuery( "#qunit-fixture" ).append( + "<script src='" + url( "mock.php?action=error" ) + "'/>" ); + assert.ok( true, "no error thrown from embedding script with unsuccessful-response src" ); + } catch ( e ) { + throw e; + } finally { + jQuery.globalEval = globalEval; + } +} ); |