Reputation: 8269
What are the ways to load JavaScript or CSS without executing them?
I'm aware of dynamic script/css loading by adding <style> or <link> tags to head or body of the page, but then it will be executed by browser once downloaded. I was thinking about other ways to download but do not execute javascript/css code. First what comes in my mind was XMLHttpRequest:
//simple execution received script
var executeScript = function(code){
eval(code);
};
//create XMLHttpRequest in cross-browser manner
var xhr = createXMLHTTPObject();
//check whether file is loaded
var checkStatus = function(){
if(xhr.readyState == 4){
if(xhr.status >= 200 && xhr.status < 300 || xhr == 304){
executeScript(xhr.responseText);
}
else {//error
}
}
};
//do request
xhr.open('get','http://podlipensky.com/examples/dynamicscript/hey.js', true);
xhr.onreadystatechange = checkStatus;
xhr.send(null);
But in this case we're limited with scripts from the same domain because of the Same Origin Policy (although we can try workaround it with CORS)
Another approach, I was thinking about is to add dynamically iframe to the page and then add script tag to the iframe, so the script will be executed once it downloaded, but it happens in context of another page - iframe.
Are there any other ways to download and not execute the script?
UPDATE:
One of the reasons why it would be useful to download, but not execute javascript/css is to pre-load third-party libraries, but use them only on demand.
Upvotes: 7
Views: 5487
Answers (4)
Reputation: 8269
Just found out one more option to load script/css asynchronously (without conflicting to SOP) - is to use <object> tag:
<object data="http://podlipensky.com/examples/dynamicscript/hey.js" />
Found this approach here. So I'm just sharing with you my findings, hope it will be useful.
Upvotes: 4
Reputation: 1074999
You can also use an iframe and use the script/css URL as the src of the frame (so it isn't evaluated/applied at all), although you'd want to be sure in that case that the JavaScript/CSS was delivered with Content-Type text/plain to avoid unfortunate things happening with < characters and such. Although you should run into SOP issues with this approach as well, on a decent browser, if the iframe src is from a different origin.
Other than that, I think you largely have it covered with the options you list.
Upvotes: 1
Reputation: 65304
Assuming you control the server that delivers the page, into which you want to load the JS in question, the easiest way is to submit the URL via AJAX to your server, load it from there (e.g. via PHP file_get_contents($url);) and get it back as a result of the AJAX call.
Upvotes: 0
Reputation: 69954
If your script simplty defines a function then it can be executed without actually running anything. Of course, this would require collaboration from both sides ala JSONP
//jsonp
var result = {/*...*/};
//missingnonp
var f = function(){ /**/ };
Upvotes: 0
Related Questions
- How to prevent HTML code from running?
- How to first load/render HTML/CSS and then Javascript (only if it's necessary)?
- Loading CSS before Javascript
- delay the loading of 3rd party javascript
- What is the most ideal way of loading javascript files?
- How to load script content without execution?
- Lazily Load CSS and JS
- Speeding up website - marking scripts/images as optional?
- Is there a way to load javascript files into one file to the page to optimize the site speed?
- What are the best practices for loading javascript with the least amount of impact on display performance of the page?