
How to stop script tags from being evaluated when inserted in the DOM using jQuery ajax or post

Developer https://www.devze.com 2022-12-22 10:37 Source: Internet
How to stop evaluating script tags in jQuery ajax and post responses? Please find the corresponding code below. The function sendForm() is being evaluated even when I am using dataType: 'text'.

<HTML>
 <HEAD>
 <TITLE>This is the title</TITLE> 
<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.1/jquery.min.js" type="text/javascript"></script> 
<SCRIPT> 
function get_info(url,data,callback,errorFunction)
{  
 $.ajax({ type: 'POST',   url: url,   data: data,   success: callback,   dataType: 'text',   error: errorFunction,   cache : false });
} 
</SCRIPT> 
</HEAD>
<BODY>
<A NAME="this"></A> <A HREF="#this" ONCLICK="get_info('Result1.lasso','temp=1&testParam=Rajesh',function(response){$(document.getElementById('test')).html(response);},function(){$(document.getElementById('test')).html('Error');})">Some Text</A> 
<DIV id = 'test'></DIV>
</BODY>
</HTML>

Result1.Lasso

<script type="text/javascript">
    function sendForm()
    {   
        alert('hi');
    }
</script>
<form name= "abc" method = "get" action = "abcd.lasso">
    <input type ="text" name = "element1"/>
    <input type = "button" value="Click" onClick = "javascript: sendForm();"/>
</form>


As best I can tell, the reason the script is being executed is this line of code:

$(document.getElementById('test')).html(response)

Since you are adding it in as HTML, you are adding all HTML elements, including script. If you change html() to text() you will NOT execute JavaScript, but I don't think it will look how you are wanting it to work.

My best suggestion is to use JavaScript string functions to pull any JavaScript out of the response string before adding it. This is an okay solution if you have control over the .lasso. If you don't, some security issues could occur if your JavaScript searching is bad.

0
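As an added example (not part of the original question or answer): rather than string-matching the response for scripts, parse it into a detached document and remove script elements, inline `on*` handlers and `javascript:` URLs before inserting it into `#test`. The names `scrubTree` and `renderInert` are hypothetical, and the block goes slightly beyond the page by also dropping `iframe`, `object` and `embed` elements.

```javascript
// Added example, not code from the original page. Uses only standard DOM
// members: children, tagName, attributes, removeAttribute, remove.
const BLOCKED_TAGS = new Set(['SCRIPT', 'IFRAME', 'OBJECT', 'EMBED']);
const URL_ATTRS = new Set(['href', 'src', 'action', 'formaction']);

// Walk an element tree and strip everything that can run code on insertion
// or on user interaction. Returns the number of elements/attributes removed.
function scrubTree(root) {
  let removed = 0;
  for (const el of Array.from(root.children)) {   // copy: the tree is mutated while walking
    if (BLOCKED_TAGS.has(el.tagName.toUpperCase())) {
      el.remove();
      removed++;
      continue;
    }
    for (const attr of Array.from(el.attributes)) {
      const name = attr.name.toLowerCase();
      // Browsers ignore whitespace/control characters in a URL scheme, so drop them first.
      const value = attr.value.replace(/[\u0000-\u0020]/g, '').toLowerCase();
      const isHandler = name.startsWith('on');    // onclick, onerror, ...
      const isScriptUrl = URL_ATTRS.has(name) && value.startsWith('javascript:');
      if (isHandler || isScriptUrl) {
        el.removeAttribute(attr.name);
        removed++;
      }
    }
    removed += scrubTree(el);                     // recurse into surviving children
  }
  return removed;
}

// Browser-only wrapper (assumes a global DOMParser; target is a plain DOM
// element such as document.getElementById('test')).
function renderInert(target, responseText) {
  // Parsing into a separate document builds the tree without attaching it to the page.
  const doc = new DOMParser().parseFromString(responseText, 'text/html');
  scrubTree(doc.body);
  // Only body children are moved; anything the parser placed in <head> is dropped.
  target.replaceChildren(...doc.body.childNodes);
  return target;
}
```

In the success callback, `renderInert(document.getElementById('test'), response)` takes the place of `.html(response)`; the form still renders, but its button no longer calls `sendForm()`. For responses you do not control, a maintained sanitizer such as DOMPurify is the safer choice than a hand-written scrub.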
