Prevent auto-execution of scripts when no explicit dataType was provided.
/**
* Prevent auto-execution of scripts when no explicit dataType
* was provided (See gh-2432).
*
* Usage:
*
* To apply the fix, apply the patch manually in your application code
* just after loading jQuery.
*
* Source:
* https://github.com/jquery/jquery/issues/2432#issuecomment-403761229
*
* Cross-site Scripting (XSS) Vulnerability Affecting jquery package, versions <3.0.0-beta1 >1.12.3 || <1.12.0 >=1.4.0:
* https://snyk.io/vuln/npm:jquery:20150627
*/
jQuery.ajaxPrefilter(function(s) {
if (s.crossDomain) {
s.contents.script = false;
}
});