ansaurus

Question

Insert a script into the DOM that calls AJAX

Answer 1

+1 A:

The problem is that the widget.js script uses document.write to place the HTML for the widget on the page. If document.write is called while the page is still loading, it works fine. However, calling document.write after the page has finished loading will rewrite the entire page.

Here is a quick and dirty hack that will force it to work (tested in FireFox):

$(function(){
    document.write = function(c) { $('#putWidget').append(c) };

   $('#doInsertW').click(function(){
      var wCode = $('#inputWidget').val();
      $('#putWidget').html(wCode);
   });

});

Notice, I'm simply overriding the document.write function after the page is done loading.

Mark Eirich 2010-07-14 18:26:46

I see. That is pretty lame. I am not aware of any solutions to this because it is their code. Know of any work-arounds?

Dale 2010-07-14 18:31:28

@Dale: I just edited my answer to include a workaround.

Mark Eirich 2010-07-14 18:33:12

Wait, I think it would work to do something like this. Create a page where you pass the code to it in the url. Then grab the code from the url and execute it on that page. Passing the code to the page via ajax should return the code after it has rendered, after document.write wrote to the other page.

Dale 2010-07-14 18:36:14

@Mark Eirish: That seems to work. Since I never use document.write myself I think this should be safe enough. Thanks

Dale 2010-07-14 18:38:52

Do you have control over what code is dynamically inserted, or does the user paste it from somewhere off-site? I ask because in Chrome I have to click Insert twice to get it to work. I think the solution may involve modifying the pasted code.

Mark Eirich 2010-07-14 18:38:55

Yeah, we allow them to insert code/widgets from anywhere they may find it on the web. Flash and html widgets work great of course. Its just some of these js ones where they use document.write.

Dale 2010-07-14 18:42:06

Thanks for accepting my solution. However, you should probably do some thorough cross-browser testing. Chrome and Safari require me to click Insert twice before it will work. My suspicion is that it's running `new TWTR.Widget` before it finishes loading widget.js. This may have to do with the way that jQuery executes scripts, or it may be a problem with Webkit. Unfortunately, I don't have the time to fully diagnose (not for free, anyway!).

Mark Eirich 2010-07-14 18:47:24

Also, keep in mind that what you are doing is very unsafe, in that it invites cross-domain scripting hacks. A third-party site could **very easily** offer widget code that steals your user's cookies.

Mark Eirich 2010-07-14 18:50:11

I see, thanks. I will look into all your suggestions. Especially the cookie problem.

Dale 2010-07-14 18:53:38

ansaurus

tags:

views:

answers:

Insert a script into the DOM that calls AJAX

related questions