Ajax: preventing xss on untrusted URLs

[timmywil]

Per jquery/jquery#2175, I recommend we add a note on the ajax page about retrieving scripts from an untrusted domain. Automatic JS execution and JSONP type inference can be prevented with options. All that is required is to set the dataType...

$.get({
  url: "//untrusted.com/script.js",
  dataType: "text"
});

http://jsbin.com/rafima/1/edit?js,console

[AurelioDeRosa]

@dmethvin I think this issue has been addressed with AurelioDeRosa@75d59a3. Would you agree?

[dmethvin]

Yep, thanks!