If the ajax request contains a piece of javascript code, should I expect it to execute?

If the ajax request contains a piece of javascript code, should I expect it to execute?

For example, if an ajax request brings another ajax request and puts it back on the page, how can I make it work?

$("select#select_host").change(function(){
    $.ajax({
        url: '<?php echo $sn; ?>/admini/list/is_active/'+$(this).val(),
        type: 'get',
        asynch: 'false',
        dataType: 'text',
        success: function(response) {
            $("#list_hosts").html(response);
        }
    });
});
+4
4 answers

The technique you are talking about is called JSONP and is used all the time to bypass the same-origin policy.

What you will do is basically insert <script> tags with actual Javascript into an AJAX call.

Hope this points you in the right direction.

+1

To paraphrase Ian Malcolm, it is not so much whether you can do it.

There are two ways to execute the code that came from the server, and usually it depends on where the code is from.

Javascript has a function called eval() that takes a string and executes it as Javascript. The main problem is that you cannot be sure what this string contains. In the world of Internet security, most people will argue that you can never be sure of the incoming data, and therefore you should never use eval for incoming data.

Another method is JSONP. This method allows you to retrieve data from remote sources. It does this by creating a <SCRIPT> tag that pulls in remote Javascript. Your JSONP source call usually includes a callback function that is called when JSONP data is received, giving your local code access to it.

Not knowing exactly what you want to achieve, I do not want to make any assumptions, but let me make some suggestions.

Calling code on demand from the server can be a bit heavy. I cannot think of many scripts (read: any) in which the best approach would be to call special functions from the server. However, I can imagine a scenario in which you have a large set of potential functions that you can perform, and you do not want to download them to the browser at the same time. I would suggest two approaches:

  • Perform functions on the server. Just send the data to the server in some format and return the result. Leave the processing on the server.
  • If you need a function that is currently not available in the browser, download the script file containing this function, then call the function in your Javascript. Think of these files as dynamically loaded libraries that you call as and when you need them. You are limited to your own server using this method, which improves security (if you believe that your own server will not send malicious code).

In short, I would say that a design that requires you to immediately take text from the server and execute it as code can indicate a problem in this project. But you did not come here to review the design, so I hope these suggestions help you find a good approach.

+1

Generally, you should be able to call "eval()" with the resulting data as a parameter, and it will run the code. HOWEVER, the use of eval is greatly discouraged for security reasons. For example, remember to NEVER EVER evaluate code that you receive from the user.

You must learn other ways of doing what you want to do.

0

You have several ways to get to the goal. I would advise you to take a closer look at jQuery.live. With the .live handler, you don't need to evaluate the return code again. This is done using jQuery. My second tip: use JSON. With PHP, you can return the json_encode() array and use the array through jQuery.each. That way you can write a list without eval() ;-)

$("select#select_host").change(function(){
    var data = {'is_active': $(this).val()};
    // Use jquery.post, it's simple and plain
    jQuery.post('/admini/list', data, function (JSON) {
        jQuery.each(JSON.data, function(key, list) {
            $("#list_hosts").append('<li>'+list+'</li>');
        });
    }, "json");
});
0
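The "return JSON, not code" approach from the answers, as an added example that is not part of any answer above: the response is parsed with JSON.parse instead of eval, its shape is checked, and every value is HTML-escaped before it becomes list markup. The function names and sample responses are hypothetical; the `{"data": [...]}` shape is assumed from the `JSON.data` loop in the last answer.

```javascript
// Added example: treat the AJAX response as data, never as code.
// Assumed response shape: {"data": ["host", ...]} (hypothetical helper names).

// Escape the five characters that can change the HTML parsing context.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Parse the body with JSON.parse (no eval) and validate its shape.
// Returns an array of strings, or throws if the body is not what we expect.
function parseHostList(responseText) {
  let parsed;
  try {
    parsed = JSON.parse(responseText);
  } catch (err) {
    throw new Error('response is not valid JSON');
  }
  if (parsed === null || typeof parsed !== 'object' || !Array.isArray(parsed.data)) {
    throw new Error('response has no "data" array');
  }
  if (!parsed.data.every((item) => typeof item === 'string')) {
    throw new Error('"data" must contain only strings');
  }
  return parsed.data;
}

// Build the markup for #list_hosts; each value is escaped, so a value that
// contains a <script> tag is displayed as text instead of being executed.
function renderHostList(responseText) {
  return parseHostList(responseText)
    .map((host) => '<li>' + escapeHtml(host) + '</li>')
    .join('');
}

// Constructed sample responses (not from the original page).
const okResponse = '{"data":["web01","db01"]}';
const hostileResponse = '{"data":["<script>alert(1)</script>"]}';
const codeResponse = 'alert("hi")'; // JavaScript sent where JSON was expected

console.log(renderHostList(okResponse));
console.log(renderHostList(hostileResponse));
try {
  renderHostList(codeResponse);
} catch (err) {
  console.log('rejected:', err.message);
}
```

In the question's handler, which requests `dataType: 'text'`, the success callback would become `$("#list_hosts").html(renderHostList(response))`.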
