Skip to content

Ajax: Don't auto-execute scripts unless dataType provided #4825

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
mgol merged 1 commit into from
Jan 26, 2021
Merged

Ajax: Don't auto-execute scripts unless dataType provided #4825

mgol merged 1 commit into from
Jan 26, 2021

Conversation

@mgol
Copy link
Member

@mgol mgol commented Jan 4, 2021
edited
Loading

Ajax: Don't auto-execute scripts unless dataType provided

PR gh-2588 made jQuery stop auto-execute cross-domain scripts unless
dataType: "script" was explicitly provided; this change landed in jQuery
3.0.0. This change extends that logic same-domain scripts as well.

After this change, to request a script under a provided URL to be evaluated,
you need to provide dataType: "script in jQuery.ajax options or to use
jQuery.getScript.

Fixes gh-4822
Ref gh-2432
Ref gh-2588

-28 bytes

Checklist

@mgol mgol added Ajax Needs review Behavior Change Discuss in Meeting Reserved for Issues and PRs that anyone would like to discuss in the weekly meeting. labels Jan 4, 2021
@mgol mgol added this to the 4.0.0 milestone Jan 4, 2021
@mgol mgol mentioned this pull request Jan 4, 2021
Closed
@mgol mgol marked this pull request as ready for review January 11, 2021 17:16
@mgol mgol force-pushed the ajax-script-no-auto-execute-gh-4822 branch from b7445b2 to ba781e1 Compare January 11, 2021 17:21
@mgol mgol removed the Discuss in Meeting Reserved for Issues and PRs that anyone would like to discuss in the weekly meeting. label Jan 11, 2021
timmywil
timmywil approved these changes Jan 25, 2021
View reviewed changes
Copy link
Member

@timmywil timmywil left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@mgol mgol removed the Needs review label Jan 25, 2021
@mgol
Ajax: Don't auto-execute scripts unless dataType provided
fe9ebf5 
PR jquerygh-2588 made jQuery stop auto-execute cross-domain scripts unless
`dataType: "script"` was explicitly provided; this change landed in jQuery
3.0.0. This change extends that logic same-domain scripts as well.

After this change, to request a script under a provided URL to be evaluated,
you need to provide `dataType: "script` in `jQuery.ajax` options or to use
`jQuery.getScript`.

Fixes jquerygh-4822
Ref jquerygh-2432
Ref jquerygh-2588
@mgol mgol force-pushed the ajax-script-no-auto-execute-gh-4822 branch from ba781e1 to fe9ebf5 Compare January 26, 2021 14:54
@mgol mgol merged commit 025da4d into jquery:master Jan 26, 2021
@mgol mgol deleted the ajax-script-no-auto-execute-gh-4822 branch January 26, 2021 14:58
@snyk-bot snyk-bot mentioned this pull request Apr 19, 2021
Closed
@snyk-bot snyk-bot mentioned this pull request May 3, 2021
Closed
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Sep 24, 2025
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@timmywil timmywil timmywil approved these changes

Assignees

No one assigned

Labels

Ajax Behavior Change

Milestone

4.0.0

Development

Successfully merging this pull request may close these issues.

jQuery ajax automatically evaluates (runs) script file

2 participants

@mgol @timmywil