Side navigation
#7371 closed bug (fixed)
Opened November 01, 2010 11:59PM UTC
Closed January 17, 2011 09:31PM UTC
Last modified August 16, 2012 02:13PM UTC
Delay Execution of Eval Test
| Reported by: | john | Owned by: | john |
|---|---|---|---|
| Priority: | blocker | Milestone: | 1.5 |
| Component: | support | Version: | 1.4.4 |
| Keywords: | Cc: | ||
| Blocked by: | Blocking: |
Description
So that we don't throw errors due to CSP we should delay the script execution test in support.js until later. This will cause a regression (as the property won't exist until the test is run) thus we should land this in a major release.
More details about CSP:
Attachments (0)
Change History (12)
Changed November 01, 2010 11:59PM UTC by comment:1
| owner: | → john |
|---|---|
| status: | new → assigned |
Changed November 01, 2010 11:59PM UTC by comment:2
| component: | unfiled → support |
|---|---|
| priority: | undecided → high |
Changed November 02, 2010 03:28PM UTC by comment:3
Even though this won't be released until 1.5 it would be great to have a patch as soon as possible as sites are starting to implement CSP and I'd love to be let them patch themselves pre-release.
Changed November 17, 2010 01:15AM UTC by comment:4
I posted a patch over here and created a pull request.
Changed November 19, 2010 09:12PM UTC by comment:5
I cancelled the previous pull request and created a new patch that leaves the bulk of the changes in support.js.
Changed November 21, 2010 10:10PM UTC by comment:6
3rd party pull request
Changed January 14, 2011 05:42PM UTC by comment:7
| priority: | high → blocker |
|---|---|
| version: | 1.4.3 → 1.4.4 |
Changed January 17, 2011 09:31PM UTC by comment:8
| resolution: | → fixed |
|---|---|
| status: | assigned → closed |
Defer scriptEval test until first use to prevent Content Security Policy inline-script violations from occuring. Fixes #7371.
Changeset: 220a0ce1628d376ec14394c9b0be3c10f92a4cdb
Changed February 07, 2011 10:54PM UTC by comment:9
| blocking: | → 8200 |
|---|
(In #8200) Applying this patch will contradict this commit: http://bugs.jquery.com/ticket/7371 (which was a blocker)
https://github.com/jquery/jquery/blob/220a0ce1628d376ec14394c9b0be3c10f92a4cdb/src/support.js
Changed February 07, 2011 11:50PM UTC by comment:10
| keywords: | → needsdocs |
|---|
Changed February 12, 2011 02:03AM UTC by comment:11
For those interested. Test case is here https://github.com/jquery/jquery/commit/9c763ad39d42c54d
Changed August 16, 2012 02:13PM UTC by comment:12
| keywords: | needsdocs |
|---|
Since the code now only runs this for IE 6-8 and those don't support CSP, it's safe to leave as-is.