GITHUB . COM {}

Matching Content Categories {📚}

• Video & Online Content
• Technology & Computing
• Mobile Technology & AI

Content Management System {📝}

What CMS is github.com built with?

Github.com employs WORDPRESS.

Traffic Estimate {📈}

What is the average monthly size of github.com audience?

🚀🌠 Tremendous Traffic: 10M - 20M visitors per month


Based on our best estimate, this website will receive around 10,000,019 visitors per month in the current month.
However, some sources were not loaded, we suggest to reload the page to get complete results.

check SE Ranking
check Ahrefs
check Similarweb
check Ubersuggest
check Semrush

How Does Github.com Make Money? {💸}

Subscription Packages {💳}

How Much Does Github.com Make? {💰}

Subscription Packages {💳}

Prices on github.com are in US Dollars ($). They range from $4.00/month to $21.00/month.
We estimate that the site has approximately 4,989,889 paying customers.
The estimated monthly recurring revenue (MRR) is $20,957,532.
The estimated annual recurring revenues (ARR) are $251,490,385.

Wordpress Themes and Plugins {🎨}

What WordPress theme does this site use?

It is strange but we were not able to detect any theme on the page.

What WordPress plugins does this website use?

It is strange but we were not able to detect any plugins on the page.

Keywords {🔍}

file, jquery, javascript, code, ajax, script, issue, scripts, mgol, alexanderthegrgr, fetch, added, timmywil, runs, dont, commented, behavior, sign, pull, security, automatically, evaluates, load, text, request, datatype, provided, sense, discuss, meeting, change, issues, expect, run, data, domain, scrossdomain, false, expected, converter, time, makes, member, default, autoexecute, navigation, requests, actions, happen, string,

Topics {✒️}

alexanderthegr8-gr edits author converters['text script'] jumps pull request type security issue comment metadata assignees due date relationships cross-origin scripts auto-execute scripts conversions making sense jquery converted set // prevent auto-execution makes perfect sense means code execution pure js file timmywil added security javascript file fetched jquery code mgol added jquery file test code projects milestone 4 auto-execution issues default behavior ajax text script script executes javascript code code preventing mgol changed auto-evaluated script = false datatype provided javascript file explicit datatype type projects js file auto-run return text javascript objects javascript files net/a3quxb24/1/ absolutely logical html page meeting reserved weekly meeting quick response lose time file fetch

Payment Methods {📊}

• Braintree

Questions {❓}

• Already have an account?
• What actually happens?
• What do you expect to happen?

Schema {🗺️}

DiscussionForumPosting:
      context:https://schema.org
      headline:jQuery ajax automatically evaluates (runs) script file
      articleBody:### What do you expect to happen? ### When I fetch a JavaScript file with jQuery, for example with $.get(...) I do **NOT** expect it to run on load. \* I expect to get my data as a string (unless specified otherwise). ### What actually happens? ### When I fetch a JavaScript file with $.get(...) from **THE SAME** domain \*\*\* , then the script is auto-evaluated. Which means the jQuery converted set in jQuery.ajaxSettings.converters['text script'] jumps into place, and does ugly things, it actually runs the JavaScript code in the file.... while running the code of **$.get(...)** ... \* Since this "auto-run" functionality which is accompliced with eval\*\* is not stated in the documentation, I suppose no-one else expects it to happen either. ```javascript ** converters: { "text script": function( text ) { jQuery.globalEval( text ); return text; } } ``` \*\*\* because hey, someone thought we should consider security and prevented auto-runing cors scripts, and thus I can not setup an example online... The code preventing it is this bellow, and as you can see, it already hints: "auto-execution of scripts", which should not be part or a simple $.get(...) request... ```javascript // Prevent auto-execution of scripts when no explicit dataType was provided (See gh-2432) jQuery.ajaxPrefilter( function( s ) { if ( s.crossDomain ) { s.contents.script = false; } } ); ``` ### About conversions making sense ### * It's expected that when the file is json, I would need my data parsed, so a converter was added there, because **when** I actually come to **use** my data, I will need them as javascript objects. * But with a Javascript file, we can't have javascript in any other more useful form than string, unless we were to run it... And who would need javascript files to be run **on fetch**, since at fetch time, it is jQuery code, which means code execution is way before we come to the point of using -with our own code- that which was fetched (the javascript code)... ### Link to test case ### https://jsfiddle.net/a3quxb24/1/ Take a not though, as I said before the only way to stumble upon this "auto-run" js on file fetch is to have the js file in the same domain where the $.get is executed. And since the test code and the javascript file can not be in the same domain in my example (To my knowledge, nor JSFiddle, Codepen or JSBin allow you to upload your own pure js file) therefor the only way to see the bug in action, is to place a breakpoint in line 10123 in the jQuery file in JSFiddle (jquery-3.5.1.js), turn **s.crossDomain** to **false** (in order not to disable the converted) and right after the `if(s.crossDomain)` is skipped turn **s.crossDomain** back to true (in order for the request to be completed without errors). And that is it! You will see how the script executes on it's own, with globalEvaluate. Some might argue this is a feature. But I disagree: doing things * you are not requested * not stated in Documentation * and which are not **absolutely** logical (and therefor expected) is **not** a thing to do. - I want to load a javascript file as string/text. Oh, yeah, it makes perfect sense, I have to disable a converter... - Or, I want to load a javascript file in my document, and have it executed. Wait, don't do anything, just fetch it, it makes perfect sense that a javascript file fetched should be nailed to my html page, because.. you never know, you might need it **right now**... It makes no sense.
      author:
         url:https://github.com/AlexanderTheGr8-gr
         type:Person
         name:AlexanderTheGr8-gr
      datePublished:2021-01-03T22:39:38.000Z
      interactionStatistic:
         type:InteractionCounter
         interactionType:https://schema.org/CommentAction
         userInteractionCount:5
      url:https://github.com/4822/jquery/issues/4822
      context:https://schema.org
      headline:jQuery ajax automatically evaluates (runs) script file
      articleBody:### What do you expect to happen? ### When I fetch a JavaScript file with jQuery, for example with $.get(...) I do **NOT** expect it to run on load. \* I expect to get my data as a string (unless specified otherwise). ### What actually happens? ### When I fetch a JavaScript file with $.get(...) from **THE SAME** domain \*\*\* , then the script is auto-evaluated. Which means the jQuery converted set in jQuery.ajaxSettings.converters['text script'] jumps into place, and does ugly things, it actually runs the JavaScript code in the file.... while running the code of **$.get(...)** ... \* Since this "auto-run" functionality which is accompliced with eval\*\* is not stated in the documentation, I suppose no-one else expects it to happen either. ```javascript ** converters: { "text script": function( text ) { jQuery.globalEval( text ); return text; } } ``` \*\*\* because hey, someone thought we should consider security and prevented auto-runing cors scripts, and thus I can not setup an example online... The code preventing it is this bellow, and as you can see, it already hints: "auto-execution of scripts", which should not be part or a simple $.get(...) request... ```javascript // Prevent auto-execution of scripts when no explicit dataType was provided (See gh-2432) jQuery.ajaxPrefilter( function( s ) { if ( s.crossDomain ) { s.contents.script = false; } } ); ``` ### About conversions making sense ### * It's expected that when the file is json, I would need my data parsed, so a converter was added there, because **when** I actually come to **use** my data, I will need them as javascript objects. * But with a Javascript file, we can't have javascript in any other more useful form than string, unless we were to run it... And who would need javascript files to be run **on fetch**, since at fetch time, it is jQuery code, which means code execution is way before we come to the point of using -with our own code- that which was fetched (the javascript code)... ### Link to test case ### https://jsfiddle.net/a3quxb24/1/ Take a not though, as I said before the only way to stumble upon this "auto-run" js on file fetch is to have the js file in the same domain where the $.get is executed. And since the test code and the javascript file can not be in the same domain in my example (To my knowledge, nor JSFiddle, Codepen or JSBin allow you to upload your own pure js file) therefor the only way to see the bug in action, is to place a breakpoint in line 10123 in the jQuery file in JSFiddle (jquery-3.5.1.js), turn **s.crossDomain** to **false** (in order not to disable the converted) and right after the `if(s.crossDomain)` is skipped turn **s.crossDomain** back to true (in order for the request to be completed without errors). And that is it! You will see how the script executes on it's own, with globalEvaluate. Some might argue this is a feature. But I disagree: doing things * you are not requested * not stated in Documentation * and which are not **absolutely** logical (and therefor expected) is **not** a thing to do. - I want to load a javascript file as string/text. Oh, yeah, it makes perfect sense, I have to disable a converter... - Or, I want to load a javascript file in my document, and have it executed. Wait, don't do anything, just fetch it, it makes perfect sense that a javascript file fetched should be nailed to my html page, because.. you never know, you might need it **right now**... It makes no sense.
      author:
         url:https://github.com/AlexanderTheGr8-gr
         type:Person
         name:AlexanderTheGr8-gr
      datePublished:2021-01-03T22:39:38.000Z
      interactionStatistic:
         type:InteractionCounter
         interactionType:https://schema.org/CommentAction
         userInteractionCount:5
      url:https://github.com/4822/jquery/issues/4822
Person:
      url:https://github.com/AlexanderTheGr8-gr
      name:AlexanderTheGr8-gr
      url:https://github.com/AlexanderTheGr8-gr
      name:AlexanderTheGr8-gr
InteractionCounter:
      interactionType:https://schema.org/CommentAction
      userInteractionCount:5
      interactionType:https://schema.org/CommentAction
      userInteractionCount:5

External Links {🔗}(3)

• What's the income of https://github.blog?
• Get to know what's the income of https://jsfiddle.net/a3quxb24/1/
• What's the total monthly financial gain of https://www.githubstatus.com/?

Analytics and Tracking {📊}

• Site Verification - Google

Libraries {📚}

• Clipboard.js
• D3.js
• jQuery
• Lodash

Emails and Hosting {✉️}

Mail Servers:

• aspmx.l.google.com
• alt1.aspmx.l.google.com
• alt2.aspmx.l.google.com
• alt3.aspmx.l.google.com
• alt4.aspmx.l.google.com

Name Servers:

• dns1.p08.nsone.net
• dns2.p08.nsone.net
• dns3.p08.nsone.net
• dns4.p08.nsone.net
• ns-1283.awsdns-32.org
• ns-1707.awsdns-21.co.uk
• ns-421.awsdns-52.com
• ns-520.awsdns-01.net