2013-05-17 20:21
浏览 494


Backstory: I'm trying to use the Newsletter Widget from SendGrid but they currently don't offer it using SSL. So any requests to https:// just redirect to http:// and then browsers complain about insecure content on my secure site.

Ok fine, so I implement something like this in PHP:

$output = file_get_contents('http://sendgrid.com/newsletter/getSubscriptionWidget?p=xxx');

And then in my view have this:

 <script type="text/javascript">
    <?php echo($output); ?>

Viewing the source of this page after execution shows that it pulls the javascript widget code in just fine. BUT, it doesn't work. By "not working" I mean the javascript code never executes.

If I load it (in a non-https development environment) using the script tag like:

<script type="text/javascript" src="http://sendgrid.com/newsletter/getSubscriptionWidget?p=xxx">

Then it works just fine!

TL;DR; What would cause javascript to execute fine when loaded under the src attribute of the script element and not work when echoed as content inside script tags?

P.S. You can view the SendGrid widget source here.

图片转代码服务由CSDN问答提供 功能建议

Backstory:我正在尝试使用SendGrid的Newsletter Widget,但他们目前不喜欢 使用SSL提供它。 所以任何对https的请求://只是重定向到http://然后浏览器会抱怨我的安全站点上的不安全内容。


  $ output = file_get_contents('http://sendgrid.com/newsletter/getSubscriptionWidget?p=xxx'); 


 &lt; script type =“text / javascript”&gt; 
&lt;?php echo($ output)  ;  ?&gt; 
&lt; / script&gt; 

执行后查看此页面的来源表明它可以很好地提取javascript小部件代码。 但是,它不起作用。 通过“不工作”我的意思是javascript代码永远不会执行。

如果我使用脚本标记加载它(在非https开发环境中): \ n

 &lt; script type =“text / javascript”src =“http://sendgrid.com/newsletter/getSubscriptionWidget?p=xxx”&gt; 


TL; DR; 什么会导致javascript在 src下加载时执行正常 脚本元素的属性,当作为脚本标记内的内容回显时不起作用?

PS 您可以在此处查看SendGrid小部件源。

  • 写回答
  • 好问题 提建议
  • 追加酬金
  • 关注问题
  • 邀请回答

1条回答 默认 最新

  • doushi5913 2013-05-17 20:49


    Turns out the SendGrid code checks to ensure the script tag is pointing at the script using this:

    // replace each instance
    $('script').each(function (wIdx, wElem) {
    var tag, src, table, trSubmit, tdSubmit, form, emailInput, message, params;
    tag = $(this);
    src = tag.attr('src');
    params = RegExp('p=' + '(.+?)(&|$)').exec(src);
    // check if corret script
    if ($.isArray(params) && params.length > 1 && key === params[1]) {
      form = $('<form />', {
        'class': 'SG_widget_form',
        'method': 'POST',
        'action': postURL,
        'accept-charset': 'UTF-8'
      message = $('<span />').insertBefore(form).hide();

    ... there is more after that, but that is the important piece. By adding the src attribute to the tag and pointing it at the correct location, the browser will block loading it normally, but will then execute the code I echoed with PHP inside of it.

    Probably fairly specific to my problem, but hopefully it will help someone else.

    解决 无用
    打赏 举报