我有个AJAX问题:可以在AJAX响应中发送JavaScript并执行它吗? 我正在寻找处理AJAX请求的最佳方法,这些请求会导致根据用户数据插入HTML或执行JavaScript。
No it's ok to do so, in jQuery $.getScript do just that, it get the file via ajax and then evaluate it. Which is why no script tags are ever added when using getScript
Executing javascript received by an ajax call is a bad idea as this can lead to XSS style attacks (eval is evil and all that jazz).
An AJAX response is best served up in JSON format and then the client side scripting can act in accordance with the JSON it receives.
I would think that the JavaScript function that would be executed after the AJAX response would be standard for everyone aside from some variable. If that is the case, you should include the JavaScript function in your scripts file that gets loaded normally in the . Then have the AJAX response come back with the variable that you need, like the user ID. Then use that variable to call the JavaScript function normally instead of injecting a new function each time.
If HTML is returned you can insert it directly into the DOM on a successful AJAX request.
I think the way to go would be to always return JSON even if it's an HTML response. The JSON response could be something like:
{"responseType":"HTML", "varID":null, "payload":"<div>some html</div>"}
If the response were type JS then the varID could have that variable and the payload could be null. That's just an example but you could do something similar to standardize the response but handle both scenarios.