I'm using ASP.NET MVC and Microsoft AJAX to create an AJAX form using the following syntax:

using (Ajax.BeginForm()) { ... }

This works fine if the user clicks a submit button. However, I also need to programmatically submit the form. The problem is, the way MS AJAX works (for reasons that escape me) is that it puts the submit action in the onsubmit attribute instead of registering an event:

<form onsubmit="Sys.Mvc.AsyncForm.handleSubmit(..." 
    method="post" action="/Search/SearchForClients">

The reason this is a problem is that if you use jQuery to submit a form programmatically (i.e. $('form').submit()), the contents of the onsubmit attribute don't get called.

Fortunately, I found a workaround at this site that tells you to basically eval the contents of the onsubmit attribute and add it as an event handler:

$("form").submit(function(event) { 
    eval($(this).attr("onsubmit")); return false; 
});

So, my question is: are there any security issues I should be aware of when doing this? It seems like it should be OK to me, but I want to be sure before I start adding evals to my code.

+1  A: 

A user can modify your page on the client side with a tool like Firebug and add any eval() function call he wants, but this can't break site security in any way.

Alexander Prokofyev
Ok thanks, this was pretty much what I was thinking, but I wanted to make sure I wasn't overlooking anything.
cdmckay
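
An eval-free alternative to the workaround in the question, as an added example that is not part of the original thread: the browser exposes the handler it compiled from the onsubmit attribute as the form's `onsubmit` property, so it can be called directly. `runInlineSubmit`, `makeStubForm` and `evalSeesLocals` are hypothetical names, and the stub form is a constructed stand-in so the file runs outside a browser.

```javascript
// Added example. All names here are hypothetical, not from the thread.

// Call the handler the browser already compiled from the onsubmit attribute
// instead of eval-ing the attribute text again.
// Returns true when the default (full-page) submit should still go ahead.
function runInlineSubmit(form, event) {
  const handler = form.onsubmit; // DOM property: a function, or null
  if (typeof handler !== "function") {
    return true; // no inline handler, nothing to run
  }
  // Inline handlers run with `this` bound to the element and get `event`.
  return handler.call(form, event) !== false; // `return false` cancels
}

// Constructed stand-in for a DOM form so this runs without a browser.
function makeStubForm(calls) {
  return {
    action: "/Search/SearchForClients",
    onsubmit: function (event) {
      // Record what the handler can see; `localOnly` is not in its scope.
      calls.push({ action: this.action, type: event.type,
                   seesLocal: typeof localOnly });
      return false; // async handler took over; cancel the normal post
    },
  };
}

// What eval changes: the evaluated text runs in the caller's scope,
// so it can read that function's local variables.
function evalSeesLocals(attrText) {
  const localOnly = "handler-local value"; // constructed sample
  return eval(attrText);
}

const calls = [];
const proceed = runInlineSubmit(makeStubForm(calls), { type: "submit" });
console.log(proceed, calls);
console.log(evalSeesLocals("typeof localOnly"));
console.log(runInlineSubmit({ onsubmit: null }, { type: "submit" }));
```

In a browser, pass the real form element and the event object the inline handler expects in place of the stub.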