How does the getScript jQuery method securely execute dynamically loaded JavaScript?

Question

How does the getScript jQuery method securely execute dynamically loaded JavaScript?

I want to dynamically load a JS file using AJAX and execute it. I refer to this page , which says: "Currently, the preferred way to enter JS code seems to be to use AJAX to load the JS source, then eval () code."

But I'm worried about using eval to execute the script. Just to see how jQuery implements this, I checked its source and found the following:

getScript: function( url, callback ) { return jQuery.get( url, undefined, callback, "script" ); }

Then I searched for the getQuery method. But there are several methods of obtaining. I am new to OOP in JS and don't understand where to look for the correct get method.

I want to know how it executes the script - whether it uses eval or not, and if so, how safe it is.

Can anyone guide me how can I find the correct get method.

+4

jquery security eval

Cracker Jun 06 '11 at 23:33

source share

1 answer

jAndy · Accepted Answer · 2011-06-06T23:44:19+0000

There is nothing to ensure "security" (which is actually impossible to do).
You just upload trusted scripts.

After some delegation, jQuery will call a method called "globalEval" that either runs .execScript() (IE) or the standard window.eval() in the transferred script files. In any case, the script that is executed has access to everything.

How does the getScript jQuery method securely execute dynamically loaded JavaScript?

More articles: