4

If I do an AJAX post with jQuery that looks like 

 $.post('MyApp/GetPostResult.json', function(data) {
    // what goes here?
 });

and the result looks like

{
    "HasCallback": true,
    "Callback": "function(){ alert('I came from the server'); }"
};

Then how do I call the Callback function? Can I just write if(data.HasCallback){data.Callback();} ?

Improve this question

4 Answers 4

Reset to default
2

This should work:

function(data) {
  if(data.HasCallback) {
    eval(data.Callback);
  }
}

Edit: Didn't look quite carefully enough. If you're indeed getting the function() { ... } text, then you need to eval(data.Callback + "()").

Improve this answer
Sign up to request clarification or add additional context in comments.

6 Comments

What exactly does eval do, and where would I find that documentation?
@SLaks, thanks. The "Don't use eval!" section says eval is a security risk. Do you by chance know of any good documentation/resources about when that concern is applicable?
It's a security risk if you can't trust the source of the function text, leaving you vulnerable to XSS. If you're just getting the JS from your server, there's no risk.
@Ben Alpert, the question you should ask is not whether the data comes from the server, but whether the data comes from a trusted source. If your server forwards data from an untrusted source uncritically, then you are still vulnerable to XSS. See en.wikipedia.org/wiki/Confused_deputy_problem
@Mike, that's a good point, but presumably if I am making a client-side call to a server-side function, then I will know how the server is providing the resource.
|
1 
eval("(" + functionDeclarationAsString + ")()");

while functionDeclaractionAsString would be something in the form of function(){ alert('I came from the server'); }

EDIT

The notation (functionReference)(); is used to call a reference to a function. The following would be valid:

(function() { alert('it works'); })();

The following also would be valid:

var my_function = function(param) { alert(param); };
(my_function)('this is a parameter');
Improve this answer

2 Comments

Why are the additional parentheses needed and what role do they play?
the aditional parentheses mean that you want to call the function that is declared within the parentheses
1

It's a better idea to keep code and data separate. To use your example, why not have JSON like this:

{
    "Message": "I came from the server"
}

And in your JavaScript:

$.post('MyApp/GetPostResult.json', function(data) {
    if (data.Message) {
        alert(data.Message);
    }
});
Improve this answer

1 Comment

Because I can maximize code reusability and cutdown on user-interface implementation time by generating the client-side code server-side.
0

You can use the evil eval to execute the given string as code:

if (data.HasCallback) {
  eval("("+data.Callback+"());");
}

The additional parentheses at the end execute your function immediately.

Documented at the evil w3schools

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.