Page 1 of 1

JS load automatically

Posted: Wed Jul 01, 2009 7:54 pm
by wpsd2006
Everybody know js can be load dynamically

using this code :

Code: Select all

function addJS(json) {
    //0 - for id
    //1 - for url
     var head = document.getElementsByTagName('head')[0];
     for( var a = 0; a < json.length; a++ ) {
        var JSAdd = document.createElement('script');
        JSAdd.setAttribute('id',json[a][0]);
        JSAdd.type='text/javascript';
        JSAdd.src = json[a][1];
        head.appendChild(JSAdd);
     }
}
I get a lot of speed benefit since i separate all my js to many file and some of them still messy by loading only the function i need in specific page

I use this function in my intranet application and I'm going to use it in my website soon, my question will there be a security threat using this method ? I understand I can use js minify ( I don't know how to do this ) or apache mod deflate some of them not working in the server site some time. so this is one of them to speed up things.

Re: JS load automatically

Posted: Thu Jul 02, 2009 3:12 am
by VladSun
I don't see any security thread here.

I want to share my approach of loading JS code (and JS objects).

Fetch the JS source with XMLHttpRequest and on successful load eval() the response text into a try/catch statement. If it is evaluated successfully an event is fired indicating that the JS is loaded.

This way I know when the JS code is available to the rest of the application.

Re: JS load automatically

Posted: Thu Jul 02, 2009 8:20 pm
by wpsd2006
i see

I play with js a lot but still not clear regarding js attack / security things.....
is there any ? you know like putting a new script inside other people web.... since they can see this loadJS function that able to load a js file if by giving the src and...

wait it's impossible to happen because the script is client base right, even if they put it there it'll effect only their computer, or is it possible to get some data from it?

Re: JS load automatically

Posted: Thu Jul 02, 2009 9:19 pm
by jackpf
The only way someone is going to nick something off your server with js is if it's ajax and the receiving script isn't secured properly.

Just make sure no one can access stuff they shouldn't on the server and it'll be fine.

There's no way to stop people editing your source code.