diff options
-rw-r--r-- | src/ajax/script.js | 6 | ||||
-rw-r--r-- | test/unit/ajax.js | 23 |
2 files changed, 26 insertions, 3 deletions
diff --git a/src/ajax/script.js b/src/ajax/script.js index 6e0d21e99..292627f7e 100644 --- a/src/ajax/script.js +++ b/src/ajax/script.js @@ -43,15 +43,15 @@ jQuery.ajaxPrefilter( "script", function( s ) { // Bind script tag hack transport jQuery.ajaxTransport( "script", function( s ) { - // This transport only deals with cross domain requests - if ( s.crossDomain ) { + // This transport only deals with cross domain or forced-by-attrs requests + if ( s.crossDomain || s.scriptAttrs ) { var script, callback; return { send: function( _, complete ) { script = jQuery( "<script>" ).prop( { charset: s.scriptCharset, src: s.url - } ).on( + } ).attr( s.scriptAttrs || {} ).on( "load error", callback = function( evt ) { script.remove(); diff --git a/test/unit/ajax.js b/test/unit/ajax.js index ff9fd8e70..8a13810fc 100644 --- a/test/unit/ajax.js +++ b/test/unit/ajax.js @@ -89,6 +89,29 @@ QUnit.module( "ajax", { } ); + ajaxTest( "jQuery.ajax() - custom attributes for script tag", 4, + function( assert ) { + var nonceValue = "0123456789"; + return { + create: function( options ) { + var xhr; + options.dataType = "script"; + options.scriptAttrs = { id: "jquery-ajax-test", nonce: nonceValue }; + xhr = jQuery.ajax( url( "data/script.php?header=ecma" ), options ); + // Ensure the script tag has the nonce attr on it + assert.ok( nonceValue === jQuery( "#jquery-ajax-test" ).attr( "nonce" ), "nonce value" ); + return xhr; + }, + success: function() { + assert.ok( true, "success" ); + }, + complete: function() { + assert.ok( true, "complete" ); + } + }; + } + ); + ajaxTest( "jQuery.ajax() - do not execute js (crossOrigin)", 2, function( assert ) { return { create: function( options ) { |