From 82f29a86045346d85284e7bbe251a3a845052d9e Mon Sep 17 00:00:00 2001
From: Kuitos <kuitos.lau@gmail.com>
Date: Fri, 25 Mar 2022 12:17:49 +0800
Subject: [PATCH] =?UTF-8?q?=E2=9C=A8=20filter=20inexecutable=20script=20fo?=
 =?UTF-8?q?r=20dynamic=20import=20scenario=20(#2011)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 src/sandbox/patchers/dynamicAppend/common.ts | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/src/sandbox/patchers/dynamicAppend/common.ts b/src/sandbox/patchers/dynamicAppend/common.ts
index e4e1677..edf9a36 100644
--- a/src/sandbox/patchers/dynamicAppend/common.ts
+++ b/src/sandbox/patchers/dynamicAppend/common.ts
@@ -19,6 +19,15 @@ const SCRIPT_TAG_NAME = 'SCRIPT';
 const LINK_TAG_NAME = 'LINK';
 const STYLE_TAG_NAME = 'STYLE';
 
+export function isExecutableScriptType(script: HTMLScriptElement) {
+  return (
+    !script.type ||
+    ['text/javascript', 'module', 'application/javascript', 'text/ecmascript', 'application/ecmascript'].indexOf(
+      script.type,
+    ) !== -1
+  );
+}
+
 export function isHijackingTag(tagName?: string) {
   return (
     tagName?.toUpperCase() === LINK_TAG_NAME ||
@@ -206,7 +215,7 @@ function getOverwrittenAppendChildOrInsertBefore(opts: {
         case SCRIPT_TAG_NAME: {
           const { src, text } = element as HTMLScriptElement;
           // some script like jsonp maybe not support cors which should't use execScripts
-          if (excludeAssetFilter && src && excludeAssetFilter(src)) {
+          if ((excludeAssetFilter && src && excludeAssetFilter(src)) || !isExecutableScriptType(element)) {
             return rawDOMAppendOrInsertBefore.call(this, element, refChild) as T;
           }