0

The script does window.open('',...) and then writes xmlhttp.responseText by doing innerHTML=xmlhttp.responseText, but the script doesn't load.

Improve this question

3 Answers 3

Reset to default
2

Typically, you would get the xmlhttp request response as pure Javascript and then use the Javascript eval() function:

function callback() {
    var result = xmlHttp.responseText;
    eval(result);
}

In this case, you would NOT treat it as HTML. Instead, you would return pure code. The difference:

Don't do this in your page you call

<script type="text/javascript">
alert('xmlhttprequest loaded!');
</script>

Do this instead

alert('xmlhttprequest loaded!');

So that, in effect this is what happens:

function callback() {
    var result = xmlHttp.responseText;
    eval("alert('xmlhttprequest loaded!');");
}

But you don't want this to happen:

function callback() {
    var result = xmlHttp.responseText;
    eval("<script>alert('xmlhttprequest loaded!');</script>");
}

There are some issues associated with doing it this way, such as eval can be slow. Google javascript eval to see what others have to say.

=== EDIT ===

Using a DOM method as opposed to xmlhttprequest may actually be what the original poster is needing to do here, which is load a Google captcha code dynamically.

<html>
<head></head>
<body>
<script type="text/javascript">

var head = document.getElementsByTagName('head')[0];
var script = document.createElement('script');
script.type = 'text/javascript';
script.src = "http://google.com/captcha/location";
head.appendChild(script);

</script>
</body>
</html>

Additionally, if you need it to land somewhere, you can do something like:

<html>
<head></head>
<body>
<div id="captcha">
</div>
<script type="text/javascript">

var captcha = document.getElementById('captcha');
var script = document.createElement('script');
script.type = 'text/javascript';
script.src = "http://google.com/captcha/location";
captcha.appendChild(script);

</script>
</body>
</html>
Improve this answer
Sign up to request clarification or add additional context in comments.

15 Comments

I think this is not solving the problem. I am to have an <a> tag that opens a new windows, prompts the google-recaptcha query and then shows a text if captcha correct. I choose to get the google-recaptcha code, that contains javascript, by xmlhttprequest and the insert it by innerHTML. The is is there, but doesn't load and the recaptcha doesn't appear.
You're up against the security model of the browser if you do it that way. You have to load the javascript either through a native page load (using a script tag that embeds the code within the page or references a .js file with the code located there), or you need to eval() the code. The browser is blocking you loading the script tag to prevent malicious or unwanted code loading after page load. If you can post the content of the xmlhttprequest that you are trying to work with, that would help find a solution to your problem.
Well, technically you can also use DOM methods to document.createElement('script') and then load through the src attribute. This still doesn't resolve your issue, however. One other method may be to use the old document.write('..html..including..<script>..tag..'), but there is a reason why ad servers go to so much trouble to obscure the document.write('<sc'+'ri'+'pt></sc'+'ri'+'pt>') tag within the html they load dynamically. These techniques are not nearly as useful as separating the html from the javascript and loading the javascript using eval or a separate page call on callback.
I try document.write and I got the javascript in plain text on the webpage.
When I paste the generated code in a simple .html page, the JavaScript runs well. So, why can't a new window be created with window.open('',...) and already with the source code fixed. because the problems seems that the browser refuses to load post inserted <script>...</script>, right? But is OK and loads <script>...</script> present in the initial moment!?
|
1

Take a look at this write-up

 eval(xmlhttp.responseText);
Improve this answer

1 Comment

Relevant: stackoverflow.com/a/25406725/4907950
0

You might want to eval the responseText in the javascript.

You might want to make sure that the responseText comes from your own server-side system, to avoid XSS attacks.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.