diff options
Diffstat (limited to 'src/support.js')
| -rw-r--r-- | src/support.js | 65 |
1 files changed, 42 insertions, 23 deletions
diff --git a/src/support.js b/src/support.js index 55c19d80a..8adec5a0f 100644 --- a/src/support.js +++ b/src/support.js @@ -4,10 +4,7 @@ jQuery.support = {}; - var root = document.documentElement, - script = document.createElement("script"), - div = document.createElement("div"), - id = "script" + jQuery.now(); + var div = document.createElement("div"); div.style.display = "none"; div.innerHTML = " <link/><table></table><a href='/a' style='color:red;float:left;opacity:.55;'>a</a><input type='checkbox'/>"; @@ -68,7 +65,7 @@ deleteExpando: true, optDisabled: false, checkClone: false, - scriptEval: false, + _scriptEval: null, noCloneEvent: true, boxModel: null, inlineBlockNeedsLayout: false, @@ -81,32 +78,46 @@ select.disabled = true; jQuery.support.optDisabled = !opt.disabled; - script.type = "text/javascript"; - try { - script.appendChild( document.createTextNode( "window." + id + "=1;" ) ); - } catch(e) {} - - root.insertBefore( script, root.firstChild ); + jQuery.support.scriptEval = function() { + if ( jQuery.support._scriptEval === null ) { + var root = document.documentElement, + script = document.createElement("script"), + id = "script" + jQuery.now(); + + script.type = "text/javascript"; + try { + script.appendChild( document.createTextNode( "window." + id + "=1;" ) ); + } catch(e) {} + + root.insertBefore( script, root.firstChild ); + + // Make sure that the execution of code works by injecting a script + // tag with appendChild/createTextNode + // (IE doesn't support this, fails, and uses .text instead) + if ( window[ id ] ) { + jQuery.support._scriptEval = true; + delete window[ id ]; + } else { + jQuery.support._scriptEval = false; + } + + root.removeChild( script ); + // release memory in IE + root = script = id = null; + } - // Make sure that the execution of code works by injecting a script - // tag with appendChild/createTextNode - // (IE doesn't support this, fails, and uses .text instead) - if ( window[ id ] ) { - jQuery.support.scriptEval = true; - delete window[ id ]; - } + return jQuery.support._scriptEval; + }; // Test to see if it's possible to delete an expando from an element // Fails in Internet Explorer try { - delete script.test; + delete div.test; } catch(e) { jQuery.support.deleteExpando = false; } - root.removeChild( script ); - if ( div.attachEvent && div.fireEvent ) { div.attachEvent("onclick", function click() { // Cloning a node shouldn't copy over any @@ -151,7 +162,7 @@ jQuery.support.shrinkWrapBlocks = div.offsetWidth !== 2; } - div.innerHTML = "<table><tr><td style='padding:0;display:none'></td><td>t</td></tr></table>"; + div.innerHTML = "<table><tr><td style='padding:0;border:0;display:none'></td><td>t</td></tr></table>"; var tds = div.getElementsByTagName("td"); // Check if table cells still have offsetWidth/Height when they are set @@ -181,6 +192,14 @@ var el = document.createElement("div"); eventName = "on" + eventName; + // We only care about the case where non-standard event systems + // are used, namely in IE. Short-circuiting here helps us to + // avoid an eval call (in setAttribute) which can cause CSP + // to go haywire. See: https://developer.mozilla.org/en/Security/CSP + if ( !el.attachEvent ) { + return true; + } + var isSupported = (eventName in el); if ( !isSupported ) { el.setAttribute(eventName, "return;"); @@ -195,6 +214,6 @@ jQuery.support.changeBubbles = eventSupported("change"); // release memory in IE - root = script = div = all = a = null; + div = all = a = null; })(); })( jQuery ); |