I found a fascinating difference in the use of the dynamic script tag between Internet Exploder and all the other browsers. They call the remote script at different times. This might cause undesirable behaviors in your script.
This article has nothing to do with security concerns of calling dynamic script tags, aka the dangers of cross site scripting. I would not use this to transfer sensitive information. For our application, we were using the script at the bottom of web pages to send out some simple analytic information (browser, time, etc). Below is the commonly used code to insert a dynamic script tag. Here is the kicker:
Internet Explorer will call this remote script immediately after setting the src attribute.
Firefox, Safari, and Chrome will not call this remote script until the script element is appended to the DOM.
var scr = document.createElement("script"); scr.setAttribute("type", "text/javascript"); scr.setAttribute("src", "http://solidlystated.com/solid.js"); document.body.appendChild(scr); |
Make sure you are ready for the remote script to be called when you set the src attribute. Our enterprise app had other code at work before the script was appended into the DOM, where we would expect it to execute. In Internet Explorer, our app appeared to be broken because the script had already been called before it was appended.
If this article helped you, leave a comment!
