From 844fe7637b2ab97c4d0ae0df4729720e7c394a27 Mon Sep 17 00:00:00 2001
From: Korvin Szanto
Date: Thu, 21 May 2020 11:14:56 -0700
Subject: [PATCH 1/3] Update default iframeSrc to be 'about:blank' in all cases
---
 src/jquery.form.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/jquery.form.js b/src/jquery.form.js
index af5c5082..da22b57e 100644
--- a/src/jquery.form.js
+++ b/src/jquery.form.js
@@ -159,7 +159,7 @@
 url : url,
 success : $.ajaxSettings.success,
 type : method || $.ajaxSettings.type,
- iframeSrc : /^https/i.test(window.location.href || '') ? 'javascript:false' : 'about:blank' // eslint-disable-line no-script-url
+ iframeSrc : 'about:blank'
 }, options);
 // hook for manipulating the form data before it is extracted;
From c261723f407cdc31b158d025df7b3af620a28d0f Mon Sep 17 00:00:00 2001
From: Korvin Szanto
Date: Sun, 24 May 2020 10:52:34 -0700
Subject: [PATCH 2/3] Apply `javascript:false` only for IE

This seems to fix the reported issue in IE and every browser I tested with.
---
 src/jquery.form.js | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/src/jquery.form.js b/src/jquery.form.js
index da22b57e..e5e260c3 100644
--- a/src/jquery.form.js
+++ b/src/jquery.form.js
@@ -125,7 +125,7 @@
 }
 /* eslint consistent-this: ["error", "$form"] */
- var method, action, url, $form = this;
+ var method, action, url, isMsie, iframeSrc, $form = this;
 if (typeof options === 'function') {
 options = {success: options};
@@ -154,12 +154,16 @@
 // clean url (don't include hash vaue)
 url = (url.match(/^([^#]+)/) || [])[1];
 }
+ // IE requires javascript:false in https, but this breaks chrome >83 and goes against spec.
+ // Instead of using javascript:false always, let's only apply it for IE.
+ isMsie = /(MSIE|trident)/.test(navigator.userAgent || '');
+ iframeSrc = (isMsie && /^https/i.test(window.location.href || '')) ? 'javascript:false' : 'about:blank'; // eslint-disable-line no-script-url
 options = $.extend(true, {
 url : url,
 success : $.ajaxSettings.success,
 type : method || $.ajaxSettings.type,
- iframeSrc : 'about:blank'
+ iframeSrc : iframeSrc
 }, options);
 // hook for manipulating the form data before it is extracted;
From c8f9a22a4dd30b49823a4f9531e94680b3eb6e7b Mon Sep 17 00:00:00 2001
From: Korvin Szanto
Date: Tue, 26 May 2020 09:22:03 -0700
Subject: [PATCH 3/3] Use capital T for trident
---
 src/jquery.form.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/jquery.form.js b/src/jquery.form.js
index e5e260c3..072327a3 100644
--- a/src/jquery.form.js
+++ b/src/jquery.form.js
@@ -156,7 +156,7 @@
 }
 // IE requires javascript:false in https, but this breaks chrome >83 and goes against spec.
 // Instead of using javascript:false always, let's only apply it for IE.
- isMsie = /(MSIE|trident)/.test(navigator.userAgent || '');
+ isMsie = /(MSIE|Trident)/.test(navigator.userAgent || '');
 iframeSrc = (isMsie && /^https/i.test(window.location.href || '')) ? 'javascript:false' : 'about:blank'; // eslint-disable-line no-script-url
 options = $.extend(true, {
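Review bot: In the `@@ -154,12 +154,16 @@` hunk of patch 2/3, the choice of a `javascript:` URL for the iframe now rests on a substring match against `navigator.userAgent`, a string the client controls, so any non-IE browser that reports `MSIE` or `Trident` is handed the value the comment itself says breaks Chrome. If IE 8 is the oldest version still supported, `isMsie = !!document.documentMode;` is a steadier signal than the UA string; otherwise keep the regex but drop the unused capture group (`/MSIE|Trident/`, with the casing from patch 3/3). The comment should also record what IE does with `about:blank` on an https page, which the page does not state, so that this branch and its `no-script-url` suppression can be removed together with IE support. The default is still caller-overridable through `$.extend(true, {...}, options)`, and the enclosing function starts and ends outside the hunk, so how `iframeSrc` is consumed cannot be checked from here.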