<script id="s1" src="foo.js"></script>
<script>
alert('foo.js contains' + _source_code_of('s1'))
</script>
Can _source_code_of be implemented?
<script id="s1" src="foo.js"></script>
<script>
alert('foo.js contains' + _source_code_of('s1'))
</script>
Can _source_code_of be implemented?
- As far as I know actually Yes it is kind of possible but you have to modify foo.js in a convenient way to allow the other script to be able to get (almost) all its content.. And also you don't even need foo extension to be .js. In fact can be something else too and it still works. All this means that you have to be able to access and edit foo.js the right way. – willy wonka Commented May 29, 2023 at 3:08
2 Answers
Reset to default 11No, this would allow to retrieve the contents of any URL, which would break some security policies. (This would be an equivalent of an ajax get request without same-domain checks.)
However, since foo.js is on the same domain than the page you can fetch it with an ajax request. Example with jQuery:
$.get('foo.js', function(source_code) {
alert('foo.js contains ' + source_code);
});
No, not directly for fundamental security reasons.
The fact that you've tagged this with Ajax implies that you're trying to use this as a way to retrieve data. If so, the closest similar approach is JSONP, in which the newly loaded script invokes a method to pass data back to the parent document.