The script does window.open('',...) and then writes xmlhttp.responseText by doing innerHTML=xmlhttp.responseText, but the script doesn't load.
Can xmlhttp.responseText contain <script type="text/javascript src="..."></script> and load?
Asked Answered
Typically, you would get the xmlhttp request response as pure Javascript and then use the Javascript eval() function:
function callback() {
var result = xmlHttp.responseText;
eval(result);
}
In this case, you would NOT treat it as HTML. Instead, you would return pure code. The difference:
Don't do this in your page you call
<script type="text/javascript">
alert('xmlhttprequest loaded!');
</script>
Do this instead
alert('xmlhttprequest loaded!');
So that, in effect this is what happens:
function callback() {
var result = xmlHttp.responseText;
eval("alert('xmlhttprequest loaded!');");
}
But you don't want this to happen:
function callback() {
var result = xmlHttp.responseText;
eval("<script>alert('xmlhttprequest loaded!');</script>");
}
There are some issues associated with doing it this way, such as eval can be slow. Google javascript eval to see what others have to say.
=== EDIT ===
Using a DOM method as opposed to xmlhttprequest may actually be what the original poster is needing to do here, which is load a Google captcha code dynamically.
<html>
<head></head>
<body>
<script type="text/javascript">
var head = document.getElementsByTagName('head')[0];
var script = document.createElement('script');
script.type = 'text/javascript';
script.src = "http://google.com/captcha/location";
head.appendChild(script);
</script>
</body>
</html>
Additionally, if you need it to land somewhere, you can do something like:
<html>
<head></head>
<body>
<div id="captcha">
</div>
<script type="text/javascript">
var captcha = document.getElementById('captcha');
var script = document.createElement('script');
script.type = 'text/javascript';
script.src = "http://google.com/captcha/location";
captcha.appendChild(script);
</script>
</body>
</html>
I think this is not solving the problem. I am to have an <a> tag that opens a new windows, prompts the google-recaptcha query and then shows a text if captcha correct. I choose to get the google-recaptcha code, that contains javascript, by xmlhttprequest and the insert it by innerHTML. The is is there, but doesn't load and the recaptcha doesn't appear. –
Insignificance
You're up against the security model of the browser if you do it that way. You have to load the javascript either through a native page load (using a script tag that embeds the code within the page or references a .js file with the code located there), or you need to eval() the code. The browser is blocking you loading the script tag to prevent malicious or unwanted code loading after page load. If you can post the content of the xmlhttprequest that you are trying to work with, that would help find a solution to your problem. –
Howbeit
Well, technically you can also use DOM methods to document.createElement('script') and then load through the src attribute. This still doesn't resolve your issue, however. One other method may be to use the old document.write('..html..including..<script>..tag..'), but there is a reason why ad servers go to so much trouble to obscure the document.write('<sc'+'ri'+'pt></sc'+'ri'+'pt>') tag within the html they load dynamically. These techniques are not nearly as useful as separating the html from the javascript and loading the javascript using eval or a separate page call on callback. –
Howbeit
I try document.write and I got the javascript in plain text on the webpage. –
Insignificance
When I paste the generated code in a simple .html page, the JavaScript runs well. So, why can't a new window be created with window.open('',...) and already with the source code fixed. because the problems seems that the browser refuses to load post inserted <script>...</script>, right? But is OK and loads <script>...</script> present in the initial moment!? –
Insignificance
The no loading part of the xmlHttp.responseText is <script type="text/javascript" src="google.com/recaptcha/api/challenge?k=6..."></script> –
Insignificance
Ok, so you load your main page. At some point, the user interacts with the page in such a way as to trigger a window.open() call, which loads another page in a new window. Within this window, you do an xmlhttprequest to load the Google captcha that allows you to validate the captcha within a roundtrip (reloading or loading the full window with the captcha). It's this last step that is not working. Is that what is going on? –
Howbeit
xmlhttp.responseXML makes any difference? –
Insignificance
Also, your comment with the recaptcha src didn't make it through intact. –
Howbeit
<script type="text/javascript" src="google.com/recaptcha/api/challenge?k=6as"> –
Insignificance
Is the html you're trying to post what you are literally trying to get to load from xmlhttprequest? Also, just post the src="" attribute link. –
Howbeit
Yes, Google captcha code is in the source but is not loading, and the captcha form doesn't appear. –
Insignificance
So you're trying to load a <script> tag that is meant to generate the in-page captcha form? If there is no other <html> in this responseText, I don't think you need to use xmlhttprequest to accomplish this. See my edit to the initial response for a DOM method to create a script tag and dynamically load the script source from Google. I believe this should work, depending on some of the other details you're trying to pull off. –
Howbeit
Thank you very much. I tried. Same problem. Code present, but no captcha. I am going to try a different approach. –
Insignificance
I agree, it doesn't sound like an xmlhttprequest issue at this point. You might try a coding forum that helps out with the Google API and/or captcha setup. –
Howbeit
Take a look at this write-up
eval(xmlhttp.responseText);
Relevant: https://mcmap.net/q/245024/-jquery-evaluate-script-in-ajax-response –
Beograd
You might want to eval the responseText in the javascript.
You might want to make sure that the responseText comes from your own server-side system, to avoid XSS attacks.
© 2022 - 2024 — McMap. All rights reserved.