diff --git a/common/core/SA-CORE-2018-001.patch b/common/core/SA-CORE-2018-001.patch
index 77df8b092cd1e0ed33a206f5f3131d0beb659c43..741f3eb4fd6e69ad37386d7cf968eb67f3071e5e 100644
--- a/common/core/SA-CORE-2018-001.patch
+++ b/common/core/SA-CORE-2018-001.patch
@@ -12,7 +12,7 @@ index 9a28c06..a5c362d 100644
 // May need language dependent rewriting if language.inc is present.
 diff --git a/misc/drupal.js b/misc/drupal.js
-index a85b8f8..5ef493b 100644
+index a85b8f8..fd68051 100644
 --- a/misc/drupal.js
 +++ b/misc/drupal.js
 @@ -20,6 +20,42 @@
@@ -44,7 +44,7 @@ index a85b8f8..5ef493b 100644
 + // @todo Consider backporting code from newer jQuery versions to check for
 + // a cross-domain request here, rather than using Drupal.urlIsLocal() to
 + // block scripts from all URLs that are not on the same site.
-+ if (!type && !Drupal.urlIsLocal(s.url)) {
++ if (!type && (!s || !Drupal.urlIsLocal(s.url))) {
 + var content_type = xhr.getResponseHeader('content-type') || '';
 + if (content_type.indexOf('javascript') >= 0) {
 + // Default to a safe data type.
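Review bot: The rewritten condition `if (!type && (!s || !Drupal.urlIsLocal(s.url)))` in the second hunk now sends a missing settings object down the safe-data-type branch, but nothing on the line records that this fail-closed choice is deliberate. A one-line comment above the condition would keep a later cleanup from dropping the `!s` arm, for example `// No settings object means the request URL is unknown; treat it as non-local.` A settings object that is present but has no `url` still reaches `Drupal.urlIsLocal()`. How that function handles an undefined URL is not visible in this hunk, so it is worth confirming that it rejects rather than accepts. The enclosing function starts and ends outside the hunk.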