I recently ran into a few problems with a third party vendor integration. In order to get a piece of data from them I had to do a cross-domain request, which we implemented using Jason (via jQuery.getScript()).
My concern is that this is equivalent to throwing a script tag with the URL as the source and I have no chance to wrap a try/catch block around the incoming javasript. This seems pretty dangerous, basically we've gone from having a pretty strict same origin policy (with Ajax) to having a free for all load any script from any domain without any control mechanism.
Any way to make this more safe/robust? The issue I had is that my vendor had syntax errors in their script every once in a while, which screwed up the javascript already running on the site. They eventually fixed e开发者_如何学编程verything, but I'd like to know if there's a more robust mechanism for doing this.
I guess since the mechanism for doing this is by inserting a DOM node, there's no way to get around this.
精彩评论