跨域注入JQuery
使用 JsonP 注入 JQuery 的脚本安全吗?
我的网络应用程序的安装是 - 将脚本添加到客户的网站(如谷歌分析)。我正在考虑在客户的网站上使用 JQuery,作为我自己注入脚本的一部分。
我想知道,是否存在某种风险? 该应用程序需要支持任何类型的网站。
谢谢 亚龙
Is it safe to inject JQuery's script using JsonP?
The installation of my web application is - adding a script to a customer's website (like google analytics). I was thinking of using JQuery on the customer's website, as part of my own injected script.
I was wondering, if there is some kind of risk?
The application needs to support any kind of website.
Thank you
Yaron
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
很难说你在用你的库做什么,但似乎你正在构建某种类型的小部件以在多个站点上使用。
在@K Prime 的启发性评论让我研究如何在需要时包含两个 jQuery 副本之后,从这里开始进行了更新:
使用 jQuery 通常是不好的如果您正在构建一个小部件,该小部件将位于您控制范围之外的网站上,并且将通过“复制此嵌入代码并粘贴到您的网站”类型的功能添加到该网站。 (当然,jQuery 小部件和插件比比皆是,但这些通常是由开发人员选择和安装/实现的,而不是通用的“复制粘贴”小部件类型实现)
可能是最大的原因(在意识到您< em>可以在同一页面上运行两个 jQuery 副本)是文件大小增加。是否有保证将取决于您的特定需求和功能。简单的小部件=直接的JS。复杂的网站前端扩展,那么可能值得增加文件大小。
要正确包含它(这样您就不会在其网站上遇到冲突),请遵循如下所示的工作流程:
var mywidget_jQuery = $.noConflict( true );这将恢复$的原始含义 和 恢复window 的原始含义.jQuery.JS
现在,您可以在特殊函数中安全地使用
$并您想要的所有 jQuery 功能都没有问题。额外加分 您可以将步骤 1 和 2 包含在 if 语句中,该语句测试
window.jQuery是否已定义,如果定义了,则测试jQuery.fn.version< /code> 足够高来运行您的代码。如果任一测试失败,则运行步骤 1 和 2。但是,如果通过,则只需运行var mywidget_jQuery = window.jQuery,以便您在步骤 3 中包含的脚本仍将运行。Its hard to tell what you are doing with your library, but it seems you are building some type of widget for use on multiple sites.
From here down has been updated after an enlightening comment from @K Prime caused me research exactly how you could include two copies of jQuery if needed:
It is generally bad to use jQuery if you are building a widget that will live on a site outside your control, and will be added to the site with a "copy this embed code and paste onto your site" type of functionality. (Of course jQuery widgets and plugins abound, but these are normally chosen and installed/implemented by developers not a generic "copy-n-paste" widget type implementation)
Probably the biggest reason (after realizing you can run two copies of jQuery on the same page) is the file size increase. Whether it is warranted will depend on your particular needs and function. Simple small widget = straight JS. Complex website front-end extension, then it probably is worth the file-size increase.
To include it properly (so you don't run into conflicts on their site) follow a workflow that looks something like this:
var mywidget_jQuery = $.noConflict( true );which will restore the original meaning of$and restore the original meaning ofwindow.jQuery.JS
Now, you can safely use
$inside your special function and all the jQuery features you want without issue.Extra credit You could wrap steps 1 and 2 in an if statement that tests if
window.jQueryis defined and if it, test ifjQuery.fn.versionis high enough to run your code. If either test fails, then run steps 1 and 2. If it passes, however, then just runvar mywidget_jQuery = window.jQueryso the script you include in step 3 will still run.您只需添加
但是,请确保调用
jQuery.noConflict()如果他们使用不同的$关键字。You can add jQuery to a website by simply adding a
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3/jquery.js" />element.However, make sure to call
jQuery.noConflict()in case they use a different$keyword.如果您只是想引用该库,为什么不链接到 Google 代码?
If you're just after a reference to the library, why wouldn't you just link to the API hosted on Google Code?