How ugly...

Cross-domain scripts passed to .domManip have always put at odds our "guarantees" of synchronous behavior and universal script evaluation. The change of dataType from "script" to "text" in https://github.com/jquery/jquery/commit/03db1ada2cc223edf545c5a452e55062647837fa#L1L259 amounted to sacrificing the latter in favor of the former (by bypassing the element-based script transport), a reversal from versions preceding 2.0.0.

As far as I can tell, backwards compatibility for this case pretty much forces us to again use dataType: "script". Testing it is going to be a pain, though; I don't think we always have a window to search for the injected script element, so we'll probably have to force crossDomain: true and do a server-side check for the absence of an "Origin" header.

Let's discuss this one. Script injection is more a security bug than an API feature, and it seems like we have several other ways of accomplishing this already.

Are you referring to native DOM methods? Because ours will send every script src to jQuery.ajax.

We could control in the beforeSend callback that the request is not crossDomain and throw if it is. That'll at least be honest about what's actually going on and what we're able to handle coherently.

There are a lot of other, safer, better, even easier, ways to load scripts.

I'm not disagreeing, just pointing out that this regression affects all jQuery DOM manipulation.

Sure enough.

However, given we have no guarantee whatsoever regarding when cross-domain scripts would get executed, this kind of code is begging for race condition and "it fails sometimes" kinda bug reports. So I'd be in favour of going the extra mile and kill this with an exception once and for all. If someone wants to have the old behaviour, it's easy enough to override _evalUrl.

TL;DR: let's break this for real with an exception and let people handle back-compat with _evalURL.

Fix #13803: domManip remote-script evaluation per 1.9 (AJAX dataType "script")

Changeset: 18cccd04a6f69018242bce96ef905bc5d3be6ff8