$http version of jQuery $.getScript or $.ajax dataType: 'script'

[Johnny Hauser]

With jQuery, it will automatically execute scripts loaded via ajax or the shorthand getScript. With angular, should I just use $http.get(src) and eval(response) to make it execute the script? Is there a better way?

[Sander Elias]

Hi Johnny,

Are you sure you are safe enough to do this? Do you use jQuery in the rest of your project? If yes, use jQuery. If no use $http and eval. 

However, once again, are you sure you are safe enough? This is a huge security risk!

Regards

Sander Elias

[Johnny Hauser]

I do have a valid need to get a script via ajax and execute it. No amount of bad javascript can give a person access to my sensitive server information, so I don't seen any reason to label it a security risk, even if I were using eval() on user input, which I'm not. I would note that I decided to make a script tag and use a data uri as the source. I prefer this as it causes the loaded script to appear in the resources tab of the dev tools.

Sander Elias

--
You received this message because you are subscribed to a topic in the Google Groups "AngularJS" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/angular/mqxWCzF9q9M/unsubscribe?hl=en-US.
To unsubscribe from this group and all its topics, send an email to angular+u...@googlegroups.com.
To post to this group, send email to ang...@googlegroups.com.
Visit this group at http://groups.google.com/group/angular?hl=en-US.
For more options, visit https://groups.google.com/groups/opt_out.
 
 

[Sander Elias]

Hi Johnny,

Good solution! Glad I got the point across that not everything need to be solved inside AngularJS. Once people have chosen a framework, they only look inside that framework for everything. That seems to be the moment they forget that Javascript is a very capable language on its own already! 

Regards

Sander Elias.