If the advertiser is okay with it, you could have it work like this:
1. Client makes HTTP GET request from the site's server.
(1a. If the page has to load before the advertisement does, the site server returns immediately and the client makes an XMLHttpRequest to the site server, then proceed to step 2.)
2. Site's server GETs the javascript-text plus digest from the advertiser, checks the digest, then sends the javascript to the client to be eval()'d.
Since the final javascript is the one that will be loading the advertisement's images, links, etc., the advertiser can still independently verify that an actual user is viewing the ad.
If the advertiser is okay with it, you could have it work like this:
1. Client makes HTTP GET request from the site's server.
(1a. If the page has to load before the advertisement does, the site server returns immediately and the client makes an XMLHttpRequest to the site server, then proceed to step 2.)
2. Site's server GETs the javascript-text plus digest from the advertiser, checks the digest, then sends the javascript to the client to be eval()'d.
Since the final javascript is the one that will be loading the advertisement's images, links, etc., the advertiser can still independently verify that an actual user is viewing the ad.