Skip to content

Commit ad358fd

Browse files
markelogmarkelog
committedNov 11, 2015
Revert "Ajax: Mitigate possible XSS vulnerability"
This reverts commit b078a62.
1 parent 8dda094 commit ad358fd

File tree

3 files changed

+1
-56
lines changed

3 files changed

+1
-56
lines changed
 

‎src/ajax.js

+1-1
Original file line numberDiff line numberDiff line change
@@ -223,7 +223,7 @@ function ajaxConvert( s, response, jqXHR, isSuccess ) {
223223

224224
if ( current ) {
225225

226-
// There's only work to do if current dataType is non-auto
226+
// There's only work to do if current dataType is non-auto
227227
if ( current === "*" ) {
228228

229229
current = prev;

‎src/ajax/script.js

-7
Original file line numberDiff line numberDiff line change
@@ -4,13 +4,6 @@ define( [
44
"../ajax"
55
], function( jQuery, document ) {
66

7-
// Prevent auto-execution of scripts when no explicit dataType was provided (See gh-2432)
8-
jQuery.ajaxPrefilter( function( s ) {
9-
if ( s.crossDomain ) {
10-
s.contents.script = false;
11-
}
12-
} );
13-
147
// Install script dataType
158
jQuery.ajaxSetup( {
169
accepts: {

‎test/unit/ajax.js

-48
Original file line numberDiff line numberDiff line change
@@ -71,54 +71,6 @@ QUnit.module( "ajax", {
7171
};
7272
} );
7373

74-
ajaxTest( "jQuery.ajax() - do not execute js (crossOrigin)", 2, function( assert ) {
75-
return {
76-
create: function( options ) {
77-
options.crossDomain = true;
78-
return jQuery.ajax( url( "data/script.php?header=ecma" ), options );
79-
},
80-
success: function() {
81-
assert.ok( true, "success" );
82-
},
83-
complete: function() {
84-
assert.ok( true, "complete" );
85-
}
86-
};
87-
} );
88-
89-
ajaxTest( "jQuery.ajax() - execute js for crossOrigin when dataType option is provided", 3,
90-
function( assert ) {
91-
return {
92-
create: function( options ) {
93-
options.crossDomain = true;
94-
options.dataType = "script";
95-
return jQuery.ajax( url( "data/script.php?header=ecma" ), options );
96-
},
97-
success: function() {
98-
assert.ok( true, "success" );
99-
},
100-
complete: function() {
101-
assert.ok( true, "complete" );
102-
}
103-
};
104-
}
105-
);
106-
107-
ajaxTest( "jQuery.ajax() - do not execute js (crossOrigin)", 2, function( assert ) {
108-
return {
109-
create: function( options ) {
110-
options.crossDomain = true;
111-
return jQuery.ajax( url( "data/script.php" ), options );
112-
},
113-
success: function() {
114-
assert.ok( true, "success" );
115-
},
116-
complete: function() {
117-
assert.ok( true, "complete" );
118-
}
119-
};
120-
} );
121-
12274
ajaxTest( "jQuery.ajax() - success callbacks (late binding)", 8, function( assert ) {
12375
return {
12476
setup: addGlobalEvents( "ajaxStart ajaxStop ajaxSend ajaxComplete ajaxSuccess", assert ),

0 commit comments

Comments
 (0)