Currently, I am working on updating an existing web application that allows for user administration and login capabilities. One of the features involves modifying a user's details through a dialog box, where the updated data is then sent to the server via AJAX. Upon receiving the update response with some lines of JavaScript code to be executed in order to reflect these changes on the current page, I find this method questionable. Is it safe to execute externally acquired JavaScript?
In my opinion, a better approach would be to have the AJAX call responsible for sending the updates also trigger another function to retrieve the most recent data from the server via AJAX or simply refresh the page. Would implementing this change offer any advantages in terms of security or overall system architecture, or am I being too cautious?