Javascript In Ajax Response

I've got a general question about AJAX. Is it okay to send JavaScript in an AJAX response and execute it? Or is the only elegant way to respond either with JSON or plain HTML? My p

Solution 1:

I would think that the JavaScript function that would be executed after the AJAX response would be standard for everyone aside from some variable. If that is the case, you should include the JavaScript function in your scripts file that gets loaded normally in the . Then have the AJAX response come back with the variable that you need, like the user ID. Then use that variable to call the JavaScript function normally instead of injecting a new function each time.

If HTML is returned you can insert it directly into the DOM on a successful AJAX request.

I think the way to go would be to always return JSON even if it's an HTML response. The JSON response could be something like:

{"responseType":"HTML", "varID":null, "payload":"<div>some html</div>"}

If the response were type JS then the varID could have that variable and the payload could be null. That's just an example but you could do something similar to standardize the response but handle both scenarios.

Solution 2:

No it's ok to do so, in jQuery $.getScript do just that, it get the file via ajax and then evaluate it. Which is why no script tags are ever added when using getScript

Solution 3:

Executing javascript received by an ajax call is a bad idea as this can lead to XSS style attacks (eval is evil and all that jazz).

An AJAX response is best served up in JSON format and then the client side scripting can act in accordance with the JSON it receives.