<script>
window.addEventListener('load', function () {
    var unique_code = "3412313ad"; // Initialize it with the unique code provided to you.
    // Initialize this with the value that you wish to see. For example 1 for navbar display,
    // 2 for the side floating pop up, while 3 for a transparent overlay on the whole page.
    var param1 = "1";
    var domain = window.location.hostname; // current domain.

    function jsonp(url, callback) {
        var callbackName = 'jsonp_callback_' + Math.round(100000 * Math.random());
        window[callbackName] = function (data) {
            delete window[callbackName];
            document.body.removeChild(script);
            callback(data);
        };
        var script = document.createElement('script');
        script.src = url + (url.indexOf('?') >= 0 ? '&' : '?') + 'callback=' + callbackName;
        document.body.appendChild(script);
        script.onerror = function () {
            alert("failed to load snippet!");
        };
    }

    jsonp('http://localhost/server.php?unique_code=' + unique_code + '&domain=' + domain, function (data) {
        alert(data);
        if (data.status == 'success') {
            alert('success');
        } else alert(data.reason);
    });
});
</script>
This is code that imitates jQuery's JSONP to fetch a script from a remote server.
I used the answer given in this question: JavaScript XMLHttpRequest using JsonP
The server-side code is
if(isset($_GET['unique_code']) && !empty($_GET['unique_code']) && isset($_GET['domain']) && !empty($_GET['domain'])){
    $unique_code=$_GET['unique_code'];
    $domain=$_GET['domain'];
    $statement=$mysqli->prepare('select * from `snippet_users` where unique_code=? AND domain=?');
    $statement->bind_param('ss',$unique_code,$domain);
    if(!$statement->execute())
        die(json_encode(array('status'=>'error','reason'=>'Server error.')));
    $result=$statement->get_result();
    if(mysqli_num_rows($result)>0)
        die (json_encode(array('status'=>'success')));
    else die(json_encode(array('status'=>'error','reason'=>'Unique code/Domain error.')));
}else{
    die(json_encode(array('status'=>'error','reason'=>'Unique code/Domain error.')));
}
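Everything works fine, but I see an error in the console, something like this:
What is the solution so that I don't get this error and I get the data in the alert box?

Answer 0: (score: 1)
You are outputting application/json instead of application/javascript, so your browser considers it invalid. The JSON should be inside a function call (the callback parameter). The callback parameter should be validated on the server side to prevent XSS injection: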
Is it necessary to validate or escape the jsonp callback string
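
The server-side change the answer describes, as an added example that is not part of the original question or answer: the JSON is wrapped in the validated callback and served as application/javascript. The helper names `validate_jsonp_callback` and `send_jsonp` are hypothetical, and the identifier whitelist with a 64-character limit is an assumption chosen to fit the `jsonp_callback_NNNNN` names the client above generates.

```php
<?php
// Added example: hypothetical helpers for server.php, not the poster's code.

/**
 * Return the callback name if it is a plain JavaScript identifier, else null.
 */
function validate_jsonp_callback($name): ?string
{
    if (!is_string($name)) {
        return null; // e.g. ?callback[]=x arrives as an array
    }
    // Letters, digits, _ and $ only, not starting with a digit, bounded length.
    // \A and \z anchor the whole string so a trailing newline cannot slip through.
    if (preg_match('/\A[A-Za-z_$][A-Za-z0-9_$]{0,63}\z/', $name) !== 1) {
        return null;
    }
    return $name;
}

/**
 * Emit $payload as a JSONP response (callbackName(json);) and stop.
 */
function send_jsonp(array $payload): void
{
    $callback = validate_jsonp_callback($_GET['callback'] ?? null);
    if ($callback === null) {
        // Never echo the rejected value back into the response body.
        http_response_code(400);
        header('Content-Type: text/plain; charset=utf-8');
        exit('Invalid callback parameter.');
    }

    // The response is a script, so label it as one and forbid MIME sniffing.
    header('Content-Type: application/javascript; charset=utf-8');
    header('X-Content-Type-Options: nosniff');

    // JSON_HEX_* escapes <, >, &, ' and " inside string values as \uXXXX,
    // so payload data cannot break out if the response is ever rendered as HTML.
    $json = json_encode($payload, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);

    exit($callback . '(' . $json . ');');
}

// Used in place of die(json_encode(...)) in the server code above:
send_jsonp(array('status' => 'success'));
```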