Why I can't write Javascript code inside Ajax reponse text?

Question

the reponseText should be like this on PHP

echo "<script>alert('test')</script>";

But nothing happen. How do I return Javascript code?

possible duplicate of [Calling Javascript function returned from AJAX Response](http://stackoverflow.com/questions/510779/calling-javascript-function-returned-from-ajax-response) — mplungjan, Jul 13 '11 at 05:18
Better: http://stackoverflow.com/questions/5400153/avoiding-eval-when-executing-js-returned-from-ajax-call --- Simple search: http://stackoverflow.com/search?q=execute+javascript+returned+from+ajax — mplungjan, Jul 13 '11 at 05:20

score 1 · Answer 1 · edited Jul 22 '11 at 07:04

An ajax call is up to the caller to decide what to do with it (depending upon what type of data is returned). In this case, if your caller isn't prepared to execute this, then nothing will happen with it. Depending upon what the real code wants to do here, there are a number of different possibilities for handling the returned result from the ajax call.

It could be formatted as JSONP so it calls a function in your main page code to process the returned data. You could return full JS (without the tags) and do an eval() on it after the host page (generally not considered a wise idea due to some security risks) or it could be just added to the current page and let the browser just parse whatever you put in there.

Usually, an Ajax call returns pure data and your host page code processes that data and holds the code for deciding what to do with it. This is the safest mechanism because there's no way for anything that hijaacked a connection to inject code into your page (all it can do is change the data).

score 0 · Answer 2 · answered Jul 13 '11 at 03:59

0

You've returned it as text. Now all you need to do is insert that text onto the page somehow:

document.body.innerHTML += response;

There's a lot going on, and a lot of assumptions made, but that's the simplest way to do it.

(Well, that's not entirely true. The easiest way to do it would be to just return the JavaScript, and then eval it.)

answered Jul 13 '11 at 03:59

sdleihssirhc

42,000
6
53
67

Doing `document.body.innerHTML += response;` has to recreate the entire DOM, and you may lose some data as well. Also, I don't think you can attach a script that way. – user113716 Jul 13 '11 at 04:06
It works in some browsers, not so much in others. (It's interesting that you went with "lose information" before "blindly inserting/evaling scripts is a security risk.") – sdleihssirhc Jul 13 '11 at 04:07
It isn't a security risk when you're the author of the script. – user113716 Jul 13 '11 at 04:08
This will still work. But like I said, there are some assumptions going on. You should try it, and see what happens. (Good advice for life in general, in my opinion.) – sdleihssirhc Jul 13 '11 at 04:12

score 0 · Answer 3 · answered Jul 13 '11 at 04:22

0

here's a simple example. But don't include the <script> tags for this tough

$.ajax({
    type: "GET",
    dataType: "text",
    url: "jsLoader.php",
    success: function(data){
        eval(data);
    }
});

answered Jul 13 '11 at 04:22

Ilia Choly

18,070
14
92
160

1

I'm sorry, did I tag `jQuery`? – oYes Jul 13 '11 at 04:38
2

the main focus of this example was the eval() function. How you do the ajax request does't make a difference. – Ilia Choly Jul 13 '11 at 04:42

Why I can't write Javascript code inside Ajax reponse text?

3 Answers3