JS load automatically

JavaScript and client side scripting.

Moderator: General Moderators

Post Reply
wpsd2006
Forum Commoner
Posts: 66
Joined: Wed Jan 07, 2009 12:43 am

JS load automatically

Post by wpsd2006 »

Everybody know js can be load dynamically

using this code :

Code: Select all

function addJS(json) {
    //0 - for id
    //1 - for url
     var head = document.getElementsByTagName('head')[0];
     for( var a = 0; a < json.length; a++ ) {
        var JSAdd = document.createElement('script');
        JSAdd.setAttribute('id',json[a][0]);
        JSAdd.type='text/javascript';
        JSAdd.src = json[a][1];
        head.appendChild(JSAdd);
     }
}
I get a lot of speed benefit since i separate all my js to many file and some of them still messy by loading only the function i need in specific page

I use this function in my intranet application and I'm going to use it in my website soon, my question will there be a security threat using this method ? I understand I can use js minify ( I don't know how to do this ) or apache mod deflate some of them not working in the server site some time. so this is one of them to speed up things.
User avatar
VladSun
DevNet Master
Posts: 4313
Joined: Wed Jun 27, 2007 9:44 am
Location: Sofia, Bulgaria

Re: JS load automatically

Post by VladSun »

I don't see any security thread here.

I want to share my approach of loading JS code (and JS objects).

Fetch the JS source with XMLHttpRequest and on successful load eval() the response text into a try/catch statement. If it is evaluated successfully an event is fired indicating that the JS is loaded.

This way I know when the JS code is available to the rest of the application.
There are 10 types of people in this world, those who understand binary and those who don't
wpsd2006
Forum Commoner
Posts: 66
Joined: Wed Jan 07, 2009 12:43 am

Re: JS load automatically

Post by wpsd2006 »

i see

I play with js a lot but still not clear regarding js attack / security things.....
is there any ? you know like putting a new script inside other people web.... since they can see this loadJS function that able to load a js file if by giving the src and...

wait it's impossible to happen because the script is client base right, even if they put it there it'll effect only their computer, or is it possible to get some data from it?
User avatar
jackpf
DevNet Resident
Posts: 2119
Joined: Sun Feb 15, 2009 7:22 pm
Location: Ipswich, UK

Re: JS load automatically

Post by jackpf »

The only way someone is going to nick something off your server with js is if it's ajax and the receiving script isn't secured properly.

Just make sure no one can access stuff they shouldn't on the server and it'll be fine.

There's no way to stop people editing your source code.
Post Reply