1

I'm using ASP.NET MVC. I have a view that loads contents of a partial view in a section.

Problem is that partial view has some script references in it. so when I load contents of that partial view in the main page, script tags get removed to protect view against script injection attacks.

I have tried different ways to filter script tags out of partial page content and load theme separately but I was unsuccessful.

For example I have tried to filter script tags and append them in the head of main page like this :

 var scripts = $(content).filter('script'); 
 $(scripts).each(function() {
 $('head').append($(this));

I have also tried to load those scripts using $.getscript. The function gets executed nicely but they don't appear in page resource in chrome developer tools. and I cannot use functions inside those scripts.

how can I achieve this ??

Improve this question
2
  • Have you checked what's the value of scripts variable after filter? Are there no errors in console? Commented Apr 24, 2013 at 7:00
  • "scripts" is an array of script objects and if you put "this.src" in foreach statement it gives you complete script tag. There's no error when injection is take place. Commented Apr 24, 2013 at 7:12

1 Answer 1

Reset to default
1

You can move all references of script to Main view or you can use $.ajax "dataType as script" to load script dynamically:

http://docs.jquery.com/Specifying_the_Data_Type_for_AJAX_Requests 

$.ajax({
  dataType : 'script',
  url : 'http://example.com',
  success : function() {
  console.log(a);
  }
});
Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

In the ajax call, what should the url look like? Using the filepath from BundleConfig ("~/Scripts/app/UsageReport/AggregatedUsageReport.js") is not working and neither does the path that was in the @Scripts.Render("~/bundles/App/UsageReport"). I have no idea how to include a url that points to the location of the javascript file.
OK. I figured out the url. It is where the file exists relative to the location of the view file (url: "../../Scripts/app/UsageReport/AggregatedUsageReport.js")

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.