if an ajax request brings in a chunk of javascript code, should I expect it to be executable?
if an ajax request brings in a chunk of javascrpt code, should I expect it to execute?
for example, if an ajax request brings in a another ajax request and deposits it in the page, how can i make it functional?
$("select#select_host")开发者_StackOverflow社区.change(function(){
$.ajax({
url: '<?php echo $sn; ?>/admini/list/is_active/'+$(this).val(),
type: 'get',
asynch: 'false',
dataType: 'text' ,
success: function(response) {
$("#list_hosts").html(response);
}
});
});
The technic you're talking about is called JSONP and is used all the time to bypass the same-origin-policy.
What you'll be doing, basically would be to insert <script> tags with actual Javascript per AJAX call.
Hope it points you in the right direction.
To paraphrase Ian Malcolm, it's not so much whether you can, it's whether you should.
There are two ways you can execute code that has come from a server and it generally depends on where that code came from.
Javascript has a function called eval(), which takes a string and executes it as Javascript. The main concern with this is when you can't be sure what that string contains. In the world of Internet security, most people would argue that you can never be sure of incoming data and so you should never use eval on incoming data.
The other method is JSONP. This method allows you to pull data from remote sources. It does this by generating a <SCRIPT> tag which pulls in remote Javascript. Your call to the JSONP source will usually include a callback function that is called upon receipt of the JSONP data, giving your local code access to it.
Without knowing precisely what you wish to achieve, I don't want to make any assumptions, but let me make some suggestions.
Calling code on demand from the server can by a little heavyweight. I can't think of many (read - any) scenario whereby calling bespoke functions from a server would be the best approach. However, I can imagine a scenario whereby you have a large set of potential functions that you might want to execute and you don't want to load them all into the browser at one time. I'd suggest two approaches:
- Perform the functions on the server. Just send you data to the server in some format and have it return a result set. Leave the processing to the server
- If you need a function that you don't currently have available on the browser, load in the script file containing that function, then call the function in your Javascript. Think of those files as Dynamically Loadable Libraries that you call in as and when you need them. You're limited to your own server using this method which improves security (if you trust that your own server isn't going to send malicious code.
In short, I'd argue that a design that requires you to immediately take text from a server and execute it as code may indicate a problem in that design. But you didn't come here for a design review, so hopefully those suggestions will help you find a good approach.
Generally, you should be able to call "eval()" with the resultant data as the parameter, and it will run the code. HOWEVER, using eval is strongly discouraged for security reasons. For example, remember to NEVER EVER evaluate code that you get from the user.
You should look into other ways to do what you want to do.
You have multiple ways to get to the goal. I´d advise you to take a closer look at jQuery.live. With the .live handler you needn´t to evaluate the returning code again. It is done by jQuery. My second advise is: Use JSON. From PHP you can return an array with json_encode() and use the array by jQuery.each. By this, you can write the list, without eval() ;-)
("select#select_host").change(function(){
var data = {'is_active':$(this).val()};
// Use jquery.post, it´s simple and plain
jQuery.post('/admini/list', data, function (JSON) {
jQuery.each(JSON.data, function(key, list)
{
$("#list_hosts").append('<li>'+list+'</li>');
});
}, "json");
加载中,请稍侯......
精彩评论