Jump to content

Doesn't execute javascript code when returned using ajax call.


perdeepOsingh
 Share

Recommended Posts

Hi,What I am trying here is that from my first file (request.php) I am making a call to handler.php file using jquery./////////request.php/////////////

<html><head><script src='jquery-1.1.3.1.pack.js' type='text/javascript'></script><script type='text/javascript'>$.post("http://practice.dev/handler.php",	function(data)	{		alert(data);		//document.write(data);		$("#test").append(data);		$("#test").html(data);	});</script></head><body><div id="test"></div></body></html>

/////request.php finished here////////////handler.php////////////////

<?phpecho 'here';?><script type='text/javascript'>alert('hello');</script>

//////////handler.php finished here////Now in firefox it is working fine means it show's alert saying hello, but when I try in IE 7 it doesn't. But if in callback function instead of using append/prepend/html, if I use document.write(data) then it runs the javascript means it displays hello message in IE 7.Anything I am doing wrong? Plz help help?

Link to comment
Share on other sites

The responseText property that comes back is just that - text. IE isn't going to notice that it's actually Javascript code and execute it, it's going to treat it as normal text. You may have to use a regular expression to extract the Javascript code from the response and use eval to execute it, or have the response send only Javascript code (no script tags or anything) and eval the whole response. It's obviously a security problem just eval'ing whatever comes back, but there's not really a way to allow "good" code and remove "bad" code. It's all or nothing. So if you want to send back Javascript code to execute it, you need to eval the code.

Link to comment
Share on other sites

The responseText property that comes back is just that - text. IE isn't going to notice that it's actually Javascript code and execute it, it's going to treat it as normal text. You may have to use a regular expression to extract the Javascript code from the response and use eval to execute it, or have the response send only Javascript code (no script tags or anything) and eval the whole response. It's obviously a security problem just eval'ing whatever comes back, but there's not really a way to allow "good" code and remove "bad" code. It's all or nothing. So if you want to send back Javascript code to execute it, you need to eval the code.
Hi justsomeguy, Thanks for your response. U nailed it, ok i got it eval it as shown below:
if($.browser.msie)	{		try{			var re =/((<[\s\/]*script\b[^>]*>)([^>]*)(<\/script>))/i;			var match;			if(match = re.exec(data)) {				eval(match[3]);			}		}		catch(error){			alert(error);		}	}

now I am facing trouble that suppose there is more than once <script...>....</script> in the data variable in that case what can I do ?

Link to comment
Share on other sites

now I am facing trouble that suppose there is more than once <script...>....</script> in the data variable in that case what can I do ?
First, I would recommend modifying your regular expression so that there are only three groups rather than four, to make the search global ("g"), and to use lazy lookups (*?) rather than greedy ones (*):
var re =/(<[\s\/]*?script\b[^>]*?>)([^>]*?)(<\/script>)/gi;

Then, modify the rest like so:

var parts = data.replace(re, "$2|").split("|");for(var i = 0; i < parts.length; i++){	eval(parts[i]);}

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...