From: Asbjørn Sloth Tønnesen <ast@mugami.com>
Date: Thu, 3 Feb 2011 18:44:05 +0000 (+0000)
Subject: ajax: script: Threat sameDomain file:// requests as crossDomain
X-Git-Url: http://git.asbjorn.biz/?p=jquery.git;a=commitdiff_plain;h=refs%2Fheads%2Fgetscript-fix

ajax: script: Threat sameDomain file:// requests as crossDomain

Due to file:// XHR security measures in Chromium[1], dynamic loading
of scripts need to use the script tag injection hack.

FYI: Chromium are considering possible ways to loosen these restrictions[2].

Tested in Chromium 6.0.472.63, Firefox 3.6.7 and Konqueror 4.4.5

[1] http://code.google.com/p/chromium/issues/detail?id=4197
[2] http://code.google.com/p/chromium/issues/detail?id=47416

Signed-off-by: Asbjørn Sloth Tønnesen <ast@mugami.com>
---

diff --git a/src/ajax/script.js b/src/ajax/script.js
index 34ddd04..764a806 100644
--- a/src/ajax/script.js
+++ b/src/ajax/script.js
@@ -30,8 +30,11 @@ jQuery.ajaxPrefilter( "script", function( s ) {
 // Bind script tag hack transport
 jQuery.ajaxTransport( "script", function(s) {
 
-	// This transport only deals with cross domain requests
-	if ( s.crossDomain ) {
+	// This transport primarily deals with cross domain requests
+	// but also sameDomain request within file:// due to
+	// http://code.google.com/p/chromium/issues/detail?id=4197 + 47416
+	var local = location.protocol === 'file:';
+	if ( s.crossDomain || local ) {
 
 		var script,
 			head = document.head || document.getElementsByTagName( "head" )[0] || document.documentElement;