JavaScript Execution in Ajax loaded fragments
7 views
Skip to first unread message
skip
May 14, 2010, 8:14:54 AM5/14/10
to iPhoneWebDev
A number of folks have asked how to make javascript execute inside
fragments which are loaded by Ajax such as is done by the iui
toolkit. An old stale thread refers to this.
http://groups.google.com/group/iphonewebdev/browse_thread/thread/f4ca5e9698848209/94bd63a5b591b79b?lnk=gst&q=javascript+execution#94bd63a5b591b79b
We do this routinely and have received several requests for public
URLs to see samples. Unfortunately our servers are all behind a
pretty tight firewall but I have prepared a package which is just a
small modification of the original iui demo sample package and which
shows the js execution in action. The zip file is about 400K and if
anyone wants to host the demo or just receive the package leave a note
on this forum and I will mail it to them.
Skip
--
You received this message because you are subscribed to the Google Groups "iPhoneWebDev" group.
To post to this group, send email to iphone...@googlegroups.com.
To unsubscribe from this group, send email to iphonewebdev...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/iphonewebdev?hl=en.
fragments which are loaded by Ajax such as is done by the iui
toolkit. An old stale thread refers to this.
http://groups.google.com/group/iphonewebdev/browse_thread/thread/f4ca5e9698848209/94bd63a5b591b79b?lnk=gst&q=javascript+execution#94bd63a5b591b79b
We do this routinely and have received several requests for public
URLs to see samples. Unfortunately our servers are all behind a
pretty tight firewall but I have prepared a package which is just a
small modification of the original iui demo sample package and which
shows the js execution in action. The zip file is about 400K and if
anyone wants to host the demo or just receive the package leave a note
on this forum and I will mail it to them.
Skip
--
You received this message because you are subscribed to the Google Groups "iPhoneWebDev" group.
To post to this group, send email to iphone...@googlegroups.com.
To unsubscribe from this group, send email to iphonewebdev...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/iphonewebdev?hl=en.
Sean Gilligan
May 15, 2010, 2:45:03 AM5/15/10
to iphone...@googlegroups.com
skip wrote:
> I have prepared a package which is just a
> small modification of the original iui demo sample package and which
> shows the js execution in action. The zip file is about 400K and if
> anyone wants to host the demo or just receive the package leave a note
> on this forum and I will mail it to them.
>
Thanks, Skip!
> I have prepared a package which is just a
> small modification of the original iui demo sample package and which
> shows the js execution in action. The zip file is about 400K and if
> anyone wants to host the demo or just receive the package leave a note
> on this forum and I will mail it to them.
>
I suggest creating an issue in the Issues DB and attaching the zip
there. I might even add it to the samples in the distro.
I should mention that I started an iUI Extension for loading JavaScript
via Ajax. It's in Hg (Mercurial) here:
http://code.google.com/p/iui/source/browse/#hg/web-app/iui/ext-sandbox/jit-loader
There is a demo/test online here:
http://iui-js.appspot.com/iui/ext-sandbox/jit-loader/test-jit-loader.html
There are several approaches to loading JS and I don't know which one is
best. I'd love feedback. The iUI extension mechanism is flexible
enough so that there could be multiple extensions using different methods.
-- Sean
QuickConnect
May 15, 2010, 12:20:10 PM5/15/10
to iPhoneWebDev
I know that there are many Javascript libraries that use Javascript to
load additional remote Javascript. In fact 5 years ago I wrote a
library to not only to do that but to do lazy loading of the
Javascript as it was needed.
After getting this all to work I stopped development and have never
used it in production code. I realized that what I was doing opened
huge security holes for cross site scripting attacks.
I avoid using such libraries that use Javascript for this reason.
Can you load Javascript via AJAX and get it to run? Yes. It isn't
even hard.
Should you???????
I say no. It is too insecure.
Lee
On May 14, 6:14 am, skip <skip...@ozemail.com.au> wrote:
> A number of folks have asked how to make javascript execute inside
> fragments which are loaded by Ajax such as is done by the iui
> toolkit. An old stale thread refers to this.http://groups.google.com/group/iphonewebdev/browse_thread/thread/f4ca...
load additional remote Javascript. In fact 5 years ago I wrote a
library to not only to do that but to do lazy loading of the
Javascript as it was needed.
After getting this all to work I stopped development and have never
used it in production code. I realized that what I was doing opened
huge security holes for cross site scripting attacks.
I avoid using such libraries that use Javascript for this reason.
Can you load Javascript via AJAX and get it to run? Yes. It isn't
even hard.
Should you???????
I say no. It is too insecure.
Lee
On May 14, 6:14 am, skip <skip...@ozemail.com.au> wrote:
> A number of folks have asked how to make javascript execute inside
> fragments which are loaded by Ajax such as is done by the iui
skip
May 15, 2010, 6:30:13 PM5/15/10
to iPhoneWebDev
I guess if your code invites loading URLs from other sites that would
certainly be a point Lee. Some folks seem to want to do it and
although you point out that it is not hard they claim they are having
trouble. Hence the little demo. Our own apps are hardened in other
ways and are not accessible to the "hostile world" but we seriously
need features like useability, convenience and interoperability so we
trade off - in many different senses. Have you worked out how to
provide the equivalent functionality inside tools like iui without the
security risk?
I'll send the little demo to Sean and he can do as he likes.
Thanks for the suggestion.
On May 16, 2:20 am, QuickConnect <barney....@gmail.com> wrote:
> I know that there are many Javascript libraries that use Javascript to
> load additional remote Javascript.
certainly be a point Lee. Some folks seem to want to do it and
although you point out that it is not hard they claim they are having
trouble. Hence the little demo. Our own apps are hardened in other
ways and are not accessible to the "hostile world" but we seriously
need features like useability, convenience and interoperability so we
trade off - in many different senses. Have you worked out how to
provide the equivalent functionality inside tools like iui without the
security risk?
I'll send the little demo to Sean and he can do as he likes.
Thanks for the suggestion.
On May 16, 2:20 am, QuickConnect <barney....@gmail.com> wrote:
> I know that there are many Javascript libraries that use Javascript to
> load additional remote Javascript.
It isn't
> even hard.
>
> Should you???????
>
> I say no. It is too insecure.
>
> Lee
>
> even hard.
>
> Should you???????
>
> I say no. It is too insecure.
>
> Lee
>
Reply all
Reply to author
Forward
0 new messages