support jsonp

[jasonzhuang]

Does it support jsonp? If not, could you point out how to implement?

[jpillora]

JSONP cannot be globally hooked. Since JSONP just uses scripts and function calls, the only way to do this would be to manually insert hook points in each JSONP library. XHook is an XMLHttpRequest wrapper with hooking options and since JSONP doesn't use XMLHttpRequest at all, it's out of scope.

My recommendation would be to choose your JSONP library, jQuery for example, and modify it to do what you need.

[j-5-s]

What if you overwrote document.createElement?

var createElement = document.createElement;
document.createElement = function(){
  var args = [].slice.apply(arguments)
  var el = createElement.apply(this, args);
  if (el.nodeNode === 'SCRIPT') {
   //  attach listeners to onload here
  }
  return el;
}

You would still not be covered by document.appendChild with script's as strings but not sure how common that is with jsonp libraries. I've really only seen that with analytics libraries like google analytics.

[jpillora]

Intercepting all possible ways of inserting a script tag isn't practical. Consider:

fooElement.innerHTML = '<script src="//server.com/my-jsonp-request.json?param=42"></script>';

This is a valid way for a library to make a JSONP request and would be impossible to catch.

[j-5-s]

one more idea. you could intercept all jsonp requests with a MutationObserver since it requires a script tag get added to the page. I've created an example here its not complete and only console.log's the data.

[jpillora]

That's actually quite neat, I've never used MutationObserver. This looks like it might support the "after" hook, though I'm not sure about the "before" hook (and optional response replacement) as this would require the altering/cancelling of the script's request for script[src] fires off to the server

[j-5-s]

Yeah, before wouldn't work in terms of altering/canceling. The mutation observer would fire off after the script tag is appended to the page, but from my initial tests always before the request completes. The only concern would be all the mutations it would have to filter through to look for scripts. It could potentially slow down the execution of the page.

[morsdyce]

While MutationObserver is a good way to detect script tags in the page, we won't be able to stop the request from finishing and parsing, we might be able to remove the script tag in time and that would tell the browser to not process the incoming javascript but we need to test how each browser reacts to this change.

We also need to keep in mind this will only work in evergreen browsers and the user must provide a valid jsonp response using the correct callback name.

The only other way I can think about doing this is trying to override the original Script is using service workers. However using service workers having many limitations which aren't very logical for a library to implement. The 2 main ones are that you must be running on https and you can only have 1 service worker per scope (and this would need to run on the root scope).

[dickeylth]

Intercepting all possible ways of inserting a script tag isn't practical. Consider:

fooElement.innerHTML = '<script src="//server.com/my-jsonp-request.json?param=42"></script>';

This is a valid way for a library to make a JSONP request and would be impossible to catch.

It seems that in this way the script in the src would not be executed, even not be loaded.