From 0e85cee72762cd9eb466a365a63053808934c189 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Asbj=C3=B8rn=20Sloth=20T=C3=B8nnesen?= Date: Thu, 3 Feb 2011 18:44:05 +0000 Subject: [PATCH] ajax: script: Threat sameDomain file:// requests as crossDomain MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Due to file:// XHR security measures in Chromium[1], dynamic loading of scripts need to use the script tag injection hack. FYI: Chromium are considering possible ways to loosen these restrictions[2]. Tested in Chromium 6.0.472.63, Firefox 3.6.7 and Konqueror 4.4.5 [1] http://code.google.com/p/chromium/issues/detail?id=4197 [2] http://code.google.com/p/chromium/issues/detail?id=47416 Signed-off-by: Asbjørn Sloth Tønnesen --- src/ajax/script.js | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/src/ajax/script.js b/src/ajax/script.js index 34ddd04..764a806 100644 --- a/src/ajax/script.js +++ b/src/ajax/script.js @@ -30,8 +30,11 @@ jQuery.ajaxPrefilter( "script", function( s ) { // Bind script tag hack transport jQuery.ajaxTransport( "script", function(s) { - // This transport only deals with cross domain requests - if ( s.crossDomain ) { + // This transport primarily deals with cross domain requests + // but also sameDomain request within file:// due to + // http://code.google.com/p/chromium/issues/detail?id=4197 + 47416 + var local = location.protocol === 'file:'; + if ( s.crossDomain || local ) { var script, head = document.head || document.getElementsByTagName( "head" )[0] || document.documentElement; -- 1.7.10.4