var ss1 = document.createElement('style'); var def = 'body {color: red;}'; ss1.setAttribute("type", "text/css"); if (ss1.styleSheet) { // IE ss1.styleSheet.cssText = def; } else { // the world var tt1 = document.createTextNode(def); ss1.appendChild(tt1); } var hh1 = document.getElementsByTagName('head')[0]; hh1.appendChild(ss1);
via Dynamic SCRIPT and STYLE elements in IE / Stoyan’s phpied.com.
有时是需要动态创建<script>元素的,比如从第三方动态(在主页面已经加载完毕后)引入js;或者需要从某个地址引入一段document,其中包含script和dom,这里的script需要被动态执行。
找到三个链接:
http://www.javaeye.com/topic/37745
http://www.cnblogs.com/xujiaci/archive/2007/12/14/994857.html
http://blog.csdn.net/liaoya/archive/2009/01/16/3796217.aspx
然后又发现了这篇,更具重量级的文章:
http://www.stevesouders.com/blog/2009/04/27/loading-scripts-without-blocking/
1. Because of same origin policy in browser, javascript from a domain can not access data from same domain.
2. Thus there is possibility that user widget running on your server can attack your server via its script, because it’s running in same origin as your widget container.
3. So we could provide a mechanism that can restrict the request from such malicious script/widget, we can still rely on same origin policy, that is to put the widget inside an iframe but not inlining container.
4. But we still need to keep the communication capability of widgets, of course the communication between iframe widget and inlining widget.
5. So OpenAjax Hub provide such a mechanism and reference implementation that we could make use of, to make it possible to communicate between different types of widgets.