Menu
I need to execute a custom piece of JavaScript I got from some AJAX call. I could do an eval of the string or I could just append it in a script-tag to the DOM. Which method would be better?
var dynamicScript = 'alert(\'Hello world!\');'; Method 1 - Script:
var x = '<script type="text/javascript">' + dynamicScript +'</scr' + 'ipt>'; $(document.body).append(x); Method 2 - Eval:
eval(dynamicScript); What method is better and why? Or is there an ever better alternative?
333
I prefer eval, because it's generally faster than creating a script tag, and appending it (especially if you wanted to create and insert it using jQuery).
Side note (useful application of a script tag) I also use the script-tag-insertion method: In Google Chrome's extensions, injecting script-tags is the only way to run code in the scope of a page, because the window object is sandboxed.
PS. Notion of jQuery.getScript(). This method might be useful.
79
Neither method is really that good for what you're doing. Your AJAX call should be returning data not serialized scripts. Both of your methods open you up to script injection.
eval should be avioded at all costs. It's slow and dangerous, eval is evil
24
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
