Alternatives To Eval For Running Remote Code
Solution 1:
Dynamic script text insertion is the only alternative to eval
.
var head = document.getElementsByTagName('head')[0] || document.documentElement,
nscr = document.createElement('script');
nscr.type = 'text/javascript';
nscr.textContent = o.responseText;
nscr.setAttribute('name', 'dynamically inserted');
nscr.onload = nscr.onreadystatechange = function() {
if( nscr.readyState ) {
if( nscr.readyState === 'complete' || scr.readyState === 'loaded' ) {
nscr.onreadystatechange = null;
doSomethingWithCode();
}
else {
doSomethingWithCode();
}
};
head.insertBefore(nscr, head.firstChild);
Only thing to mention: textContent
is not available in InternetExplorers. You would need to use .text
instead there, so a little detection for that makes it cross-browser compatible.
edit
To have a syncronous
loading dynamic script tag, you could add nscr.async = true;
. Anyway, this only works in cutting edge browsers.
Solution 2:
I would use JSONP in this case. Raymond Camden provides and excellent introduction to the concept.
A quick example of using JSONP in this situation is available at http://playground.itcouldbe9.com/syncjsonp/.
Solution 3:
You can have your code returned wrapped inside a function, and when the request completes, execute that function. For example, this is your remote code:
function hi(){alert('hi');}
And then when your request is complete, you can inject that code into a javascript tag and then call the function hi()
Solution 4:
why not use a callback?
eval('(function(){' + o.responseText + ';})(); doSomethingWithCode();')
EDIT:
OK then try this:
var o = $.ajax({
url: filePath,
dataType: 'html',
async: falsesuccess: function(responseText){
eval('(function(){' + responseText + '})()');
doSomethingWithCode();
});
});
I think the only option left would be polling:
(function(){
if (o.responeText)
doSomethingWithCode();
else
setTimeout(arguments.callee, 13);
})();
Post a Comment for "Alternatives To Eval For Running Remote Code"