0

The script does window.open('',...) and then writes xmlhttp.responseText by doing innerHTML=xmlhttp.responseText, but the script doesn't load.

user583311
  • 265
  • 3
  • 6
  • 13

3 Answers3

2

Typically, you would get the xmlhttp request response as pure Javascript and then use the Javascript eval() function:

function callback() {
    var result = xmlHttp.responseText;
    eval(result);
}

In this case, you would NOT treat it as HTML. Instead, you would return pure code. The difference:

Don't do this in your page you call

<script type="text/javascript">
alert('xmlhttprequest loaded!');
</script>

Do this instead

alert('xmlhttprequest loaded!');

So that, in effect this is what happens:

function callback() {
    var result = xmlHttp.responseText;
    eval("alert('xmlhttprequest loaded!');");
}

But you don't want this to happen:

function callback() {
    var result = xmlHttp.responseText;
    eval("<script>alert('xmlhttprequest loaded!');</script>");
}

There are some issues associated with doing it this way, such as eval can be slow. Google javascript eval to see what others have to say.

=== EDIT ===

Using a DOM method as opposed to xmlhttprequest may actually be what the original poster is needing to do here, which is load a Google captcha code dynamically.

<html>
<head></head>
<body>
<script type="text/javascript">

var head = document.getElementsByTagName('head')[0];
var script = document.createElement('script');
script.type = 'text/javascript';
script.src = "http://google.com/captcha/location";
head.appendChild(script);

</script>
</body>
</html>

Additionally, if you need it to land somewhere, you can do something like:

<html>
<head></head>
<body>
<div id="captcha">
</div>
<script type="text/javascript">

var captcha = document.getElementById('captcha');
var script = document.createElement('script');
script.type = 'text/javascript';
script.src = "http://google.com/captcha/location";
captcha.appendChild(script);

</script>
</body>
</html>
Jared Farrish
  • 48,585
  • 17
  • 95
  • 104
  • I think this is not solving the problem. I am to have an tag that opens a new windows, prompts the google-recaptcha query and then shows a text if captcha correct. I choose to get the google-recaptcha code, that contains javascript, by xmlhttprequest and the insert it by innerHTML. The is is there, but doesn't load and the recaptcha doesn't appear. – user583311 Jan 23 '11 at 18:29
  • You're up against the security model of the browser if you do it that way. You have to load the javascript either through a native page load (using a script tag that embeds the code within the page or references a .js file with the code located there), or you need to eval() the code. The browser is blocking you loading the script tag to prevent malicious or unwanted code loading after page load. If you can post the content of the xmlhttprequest that you are trying to work with, that would help find a solution to your problem. – Jared Farrish Jan 23 '11 at 18:40
  • Well, technically you can also use DOM methods to document.createElement('script') and then load through the src attribute. This still doesn't resolve your issue, however. One other method *may* be to use the old document.write('..html..including.. – Jared Farrish Jan 23 '11 at 19:01
  • I try document.write and I got the javascript in plain text on the webpage. – user583311 Jan 23 '11 at 19:08
  • When I paste the generated code in a simple .html page, the JavaScript runs well. So, why can't a new window be created with window.open('',...) and already with the source code fixed. because the problems seems that the browser refuses to load post inserted , right? But is OK and loads present in the initial moment!? – user583311 Jan 23 '11 at 19:11
  • The no loading part of the xmlHttp.responseText is – user583311 Jan 23 '11 at 19:13
  • Ok, so you load your main page. At some point, the user interacts with the page in such a way as to trigger a window.open() call, which loads another page in a new window. Within this window, you do an xmlhttprequest to load the Google captcha that allows you to validate the captcha within a roundtrip (reloading or loading the full window with the captcha). It's this last step that is not working. Is that what is going on? – Jared Farrish Jan 23 '11 at 19:15
  • xmlhttp.responseXML makes any difference? – user583311 Jan 23 '11 at 19:16
  • Also, your comment with the recaptcha src didn't make it through intact. – Jared Farrish Jan 23 '11 at 19:16
  • – user583311 Jan 23 '11 at 19:32
  • Is the html you're trying to post what you are literally trying to get to load from xmlhttprequest? Also, just post the src="" attribute link. – Jared Farrish Jan 23 '11 at 19:36
  • Yes, Google captcha code is in the source but is not loading, and the captcha form doesn't appear. – user583311 Jan 23 '11 at 19:36
  • So you're trying to load a – Jared Farrish Jan 23 '11 at 19:46
  • Thank you very much. I tried. Same problem. Code present, but no captcha. I am going to try a different approach. – user583311 Jan 23 '11 at 20:14
  • I agree, it doesn't sound like an xmlhttprequest issue at this point. You might try a coding forum that helps out with the Google API and/or captcha setup. – Jared Farrish Jan 23 '11 at 20:20
1

Take a look at this write-up

 eval(xmlhttp.responseText);
Tr1stan
  • 2,755
  • 1
  • 26
  • 45
0

You might want to eval the responseText in the javascript.

You might want to make sure that the responseText comes from your own server-side system, to avoid XSS attacks.

Satya
  • 4,458
  • 21
  • 29