 

How does jQuery getScript method ensure secure execution of dynamically loaded JavaScript?

I want to dynamically load a JS file using AJAX and execute it. I am referring to this page, which says, "At this time, the preferred way of injecting JS code seems to be to use AJAX to load the JS source, then eval() the code."

But I am worried about using eval to execute the script. Just to see how jQuery implements this, I checked its source and found this:

// jQuery source: getScript delegates to jQuery.get with dataType "script"
getScript: function( url, callback ) {
    return jQuery.get( url, undefined, callback, "script" );
}

Then I searched for jQuery get method. But there are several get methods defined. I am new to OOP in JS and don't understand where to look for the correct get method.

I want to know how it executes the script - whether it uses eval or not and if yes, how is it secure.

Can someone guide me on how to find the correct get method?

Cracker asked Jun 06 '11 23:06


1 Answers

There is nothing to ensure "security" (that actually can't be done).
It is on you to just load trusted scripts.

After some delegating, jQuery will call a method called "globalEval" which either runs .execScript() (IE) or a standard window.eval() on the transferred script files. Either way, the script which gets executed has access to anything.

jAndy answered Oct 05 '22 22:10