通过jQuery包含嵌入脚本加载HTML内容 [英] Loading HTML content containing inline script via jQuery
问题描述
- 在我运行使用涂鸦CMS为本地慈善/服务机构的ASP.NET网站。
- 在该组织的领导者要开始整合第三方后台管理系统,公开为全功能HTML网页的内容。
- 在一个页面中,有关人员名单,使用嵌入式脚本加载图片或占位符(取决于是否有一个图片为特定的人员)。
- 在我创建了一个服务器端代理,使加载从这些页面使用jQuery的
.load()
AJAX功能的内容。 - 在我可以显示使用iframe这些内容很好,但是那种感觉真的很缺憾,而如果含量的大小变化,我可能需要改变iframe的大小以确保它所有显示器(BLECH!)。
- I run an ASP.NET site using Graffiti CMS for a local charitable/service organization.
- The leaders of the organization want to start integrating a third-party back-end management system that exposes content as full HTML pages.
- One of the pages, the officer list, uses inline script to load pictures or placeholders (depending on whether or not there is a picture for the given officer).
- I've created a server-side proxy that enables loading the content from these pages using jQuery's
.load()
AJAX function. - I can display this content fine using an iframe, but that feels really kludgy, and if the size of the content changes, I may need to alter the size of the iframe to ensure it all displays (blech!).
如果我创建一个< DIV>
的涂鸦后,并使用 $(#DIVID)负载(URL)
加载内容,HTML内容加载罚款,但联脚本被剥离出来的,所以无论是官员还是图像占位符的显示方式。
If I create a <div>
in a Graffiti post, and use $("#divid").load(url)
to load the content, the HTML content loads fine, but the inline script is stripped out, so neither the officer images nor the placeholders are displayed.
了解产生这一问题的原因是,jQuery是几乎可以肯定的尝试,以防止潜在的不好的东西去掉了内嵌脚本之前,我把它加载到我的DOM,有没有使用jQuery抓住这个HTML并将其加载到一个方法我的DOM,将preserve剧本,但不开大的安全漏洞?我信任该系统从我加载的内容,如果有差别。
Understanding that the reason for the problem is that jQuery is almost certainly trying to protect against potentially bad stuff by removing the inline script before I load it into my DOM, is there a way using jQuery to grab this HTML and load it into my DOM that will preserve the script, but not open major security holes? I do trust the system from which I'm loading the content, if that makes a difference.
建议?我希望保持这种尽可能简单......什么太复杂,我只是作为小康坚持使用iframe中。
Suggestions? I'm looking to keep this as simple as possible...anything too complex, and I'm just as well off to stick with the iframe.
在此先感谢!
推荐答案
不为我工作...
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<title></title>
</head>
<body>
<script src="Scripts/jquery-1.3.2.min.js" type="text/javascript"></script>
<script type="text/javascript">
$(document).ready(function() {
var dynamic = 'begin <script type="text/javascript">alert("hello");<\/script> end';
$('#test').html(dynamic);
});
</script>
<div id="test"></div>
</body>
</html>
警报框显示..但如果你将其替换为一个文件撰写
,没有在文件撰写出现...你有开始结束
The alert box is showing.. but if you replace it with a document.write
, nothing in the document.write appears... you have "begin end"
希望这有助于!
这篇关于通过jQuery包含嵌入脚本加载HTML内容的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!