javascript 什么是更好的做法:评估或附加脚本?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/9129666/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
What's the better practice: eval or append script?
提问by Kees C. Bakker
I need to execute a custom piece of JavaScript I got from some AJAX call. I could do an evalof the string or I could just append it in a script-tag to the DOM. Which method would be better?
我需要执行从某个 AJAX 调用中获得的自定义 JavaScript 片段。我可以做一个eval字符串,或者我可以将它附加script到 DOM的-tag 中。哪种方法会更好?
var dynamicScript = 'alert(\'Hello world!\');';
Method 1 - Script:
方法 1 -脚本:
var x = '<script type="text/javascript">' + dynamicScript +'</scr' + 'ipt>';
$(document.body).append(x);
Method 2 - Eval:
方法 2 -评估:
eval(dynamicScript);
What method is better and why? Or is there an ever better alternative?
什么方法更好,为什么?或者有没有更好的选择?
采纳答案by Rob W
I prefer eval, because it's generally fasterthan creating a script tag, and appending it (especially if you wanted to create and insert it using jQuery).
我更喜欢eval,因为它通常比创建脚本标记和附加它更快(特别是如果您想使用 jQuery 创建和插入它)。
Side note (useful application of a script tag) I also use the script-tag-insertion method: In Google Chrome's extensions, injecting script-tags is the only way to run code in the scope of a page, because the windowobject is sandboxed.
旁注(脚本标签的有用应用)我还使用了脚本标签插入方法:在谷歌浏览器的扩展程序中,注入脚本标签是在页面范围内运行代码的唯一方法,因为window对象是沙盒的。
PS. Notion of jQuery.getScript(). This method might be useful.
附注。的概念jQuery.getScript()。这个方法可能有用。
回答by JaredMcAteer
Neither method is really that good for what you're doing. Your AJAX call should be returning data not serialized scripts. Both of your methods open you up to script injection.
这两种方法都不适合你正在做的事情。您的 AJAX 调用应该返回数据而不是序列化脚本。您的两种方法都可以让您进行脚本注入。
evalshould be avioded at all costs. It's slow and dangerous, eval is evil
eval应该不惜一切代价避免。它缓慢而危险,eval 是邪恶的
回答by asawyer
If the ajax call is returning html with script tags, you can use $.load() to import the script.
如果 ajax 调用返回带有脚本标签的 html,您可以使用 $.load() 导入脚本。
回答by Grim...
Add it to the DOM. Reasons (taken from http://ajaxpatterns.org/On-Demand_Javascript):
将其添加到 DOM。原因(取自http://ajaxpatterns.org/On-Demand_Javascript):
The JavaScript will automatically be evaluated in much the same way as JavaScript linked in the static HTML is evaluated when the tag is first encountered. You can declare a bare function or variable without adding it to the window.
JavaScript 将自动以与在第一次遇到标记时评估静态 HTML 中链接的 JavaScript 相同的方式进行评估。您可以声明一个裸函数或变量,而无需将其添加到窗口中。
You can load JavaScript from external domains.
您可以从外部域加载 JavaScript。
The URL points to a specific Javascript resource. With XMLHttpRequest, there's more flexibility: you can, for example, send several JavaScript snippets inside different XML nodes.
URL 指向特定的 Javascript 资源。XMLHttpRequest 具有更大的灵活性:例如,您可以在不同的 XML 节点内发送多个 JavaScript 片段。
The DOM is affected in a different way. Even if the behaviour is transient, the script will be added to the DOM, whereas it would disappear after an XMLHttpRequest callback eval'd it.
DOM 以不同的方式受到影响。即使行为是暂时的,脚本也会被添加到 DOM,而在 XMLHttpRequest 回调对它进行评估后它会消失。
