src/core/DOMEval.js

   1 define( [
   2         "../var/document"
   3 ], function( document ) {
   4         "use strict";
   5
   6         var preservedScriptAttributes = {
   7                 type: true,
   8                 src: true,
   9                 nonce: true,
  10                 noModule: true
  11         };
  12
  13         function DOMEval( code, doc, node ) {
  14                 doc = doc || document;
  15
  16                 var i,
  17                         script = doc.createElement( "script" );
  18
  19                 script.text = code;
  20                 if ( node ) {
  21                         for ( i in preservedScriptAttributes ) {
  22                                 if ( node[ i ] ) {
  23                                         script[ i ] = node[ i ];
  24                                 } else if ( node.getAttribute( i ) ) {
  25
  26                                         // Support: Firefox 64+, Edge 18+
  27                                         // Some browsers don't support the "nonce" property on scripts.
  28                                         // On the other hand, just using `setAttribute` & `getAttribute`
  29                                         // is not enough as `nonce` is no longer exposed as an attribute
  30                                         // in the latest standard.
  31                                         // See https://github.com/whatwg/html/issues/2369
  32                                         script.setAttribute( i, node.getAttribute( i ) );
  33                                 }
  34                         }
  35                 }
  36                 doc.head.appendChild( script ).parentNode.removeChild( script );
  37         }
  38
  39         return DOMEval;
  40 } );