Doesn't execute javascript code when returned using ajax call.

[perdeepOsingh]

Hi,What I am trying here is that from my first file (request.php) I am making a call to handler.php file using jquery./////////request.php/////////////

<html><head><script src='jquery-1.1.3.1.pack.js' type='text/javascript'></script><script type='text/javascript'>$.post("http://practice.dev/handler.php",	function(data)	{		alert(data);		//document.write(data);		$("#test").append(data);		$("#test").html(data);	});</script></head><body><div id="test"></div></body></html>

/////request.php finished here////////////handler.php////////////////

<?phpecho 'here';?><script type='text/javascript'>alert('hello');</script>

//////////handler.php finished here////Now in firefox it is working fine means it show's alert saying hello, but when I try in IE 7 it doesn't. But if in callback function instead of using append/prepend/html, if I use document.write(data) then it runs the javascript means it displays hello message in IE 7.Anything I am doing wrong? Plz help help?

[justsomeguy]

The responseText property that comes back is just that - text. IE isn't going to notice that it's actually Javascript code and execute it, it's going to treat it as normal text. You may have to use a regular expression to extract the Javascript code from the response and use eval to execute it, or have the response send only Javascript code (no script tags or anything) and eval the whole response. It's obviously a security problem just eval'ing whatever comes back, but there's not really a way to allow "good" code and remove "bad" code. It's all or nothing. So if you want to send back Javascript code to execute it, you need to eval the code.

[perdeepOsingh]

The responseText property that comes back is just that - text. IE isn't going to notice that it's actually Javascript code and execute it, it's going to treat it as normal text. You may have to use a regular expression to extract the Javascript code from the response and use eval to execute it, or have the response send only Javascript code (no script tags or anything) and eval the whole response. It's obviously a security problem just eval'ing whatever comes back, but there's not really a way to allow "good" code and remove "bad" code. It's all or nothing. So if you want to send back Javascript code to execute it, you need to eval the code.

Hi justsomeguy, Thanks for your response. U nailed it, ok i got it eval it as shown below:

if($.browser.msie)	{		try{			var re =/((<[\s\/]*script\b[^>]*>)([^>]*)(<\/script>))/i;			var match;			if(match = re.exec(data)) {				eval(match[3]);			}		}		catch(error){			alert(error);		}	}

now I am facing trouble that suppose there is more than once <script...>....</script> in the data variable in that case what can I do ?

[jesh]

now I am facing trouble that suppose there is more than once <script...>....</script> in the data variable in that case what can I do ?

First, I would recommend modifying your regular expression so that there are only three groups rather than four, to make the search global ("g"), and to use lazy lookups (*?) rather than greedy ones (*):

var re =/(<[\s\/]*?script\b[^>]*?>)([^>]*?)(<\/script>)/gi;

Then, modify the rest like so:

var parts = data.replace(re, "$2|").split("|");for(var i = 0; i < parts.length; i++){	eval(parts[i]);}