How dangerous is it to send HTML in AJAX as opposed to sending JSON and building the HTML?


Question

Possible duplicate:
  Why is it a bad practice to return generated HTML instead of JSON? Or is it? (http://stackoverflow.com/questions/1284381/why-is-it-a-bad-practice-to-return-generated-html-instead-of-json-or-is-it)

It seems to me that any interception of this could provide instant trouble because anyone could just send any HTML/script back to the client.

The only reason I'm interested in doing this is because of the huge pain it is for front-end developers every time there's a DOM structure/CSS change so you now have to go figure out where in the Javascript HTML building process you may have to update.

How do you guys deal with this? Are there things I can do to reduce any risk or is it just a straight up bad idea?

Recommended answer

I tend to use the following rules:

  1. Request and return HTML for quick snippets, then use client-side (static) Javascript to insert them. Great for alert messages.

  2. Request and return JSON for large datasets. This works great when you want to do filtering, grouping, or sorting on the client side without re-requesting the data in a different form.

  3. Request and return JSON for large datasets, but include the (escaped) HTML snippet for each record in the JSON record. This means more rendering time and more bandwidth use than (2), but can reduce duplication of often complex HTML rendering.

  4. Request and return Javascript, and eval it client-side. This works best for interactions such as hiding, showing, moving, and deleting. It can work for insertions as well, but often type (1) or (5) work better for that.

  5. Request and return Javascript, and eval it client-side, but include escaped HTML in the Javascript so the server is doing the HTML rendering.

I probably use 5 and 1 the most often.
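
Option 3 above (JSON records that each carry a server-rendered HTML snippet) is only as safe as the escaping done on the server, so the following added sketch shows that rendering step in Node.js. It is not code from the original answer; the function names (`escapeHtml`, `safeHref`, `renderComment`, `buildResponse`) and the sample records are constructed for illustration.

```javascript
// Added example: JSON records that each carry a server-rendered HTML snippet.
// All names and sample data here are constructed, not taken from the answer.

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Escape a value for use in HTML text or inside a quoted attribute value.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Only allow http(s) links; anything else (e.g. javascript:) becomes "#".
function safeHref(url) {
  try {
    const parsed = new URL(String(url));
    return parsed.protocol === 'http:' || parsed.protocol === 'https:' ? parsed.href : '#';
  } catch (err) {
    return '#';
  }
}

// Server side: the markup lives in one template and every field is escaped,
// so a DOM/CSS change is made here instead of in client-side string building.
function renderComment(record) {
  return '<li class="comment" data-id="' + escapeHtml(record.id) + '">' +
    '<a href="' + escapeHtml(safeHref(record.site)) + '">' + escapeHtml(record.author) + '</a>: ' +
    escapeHtml(record.text) + '</li>';
}

// AJAX response body: raw fields for client-side sorting/filtering (insert
// those with textContent only), plus the pre-rendered snippet in "html".
function buildResponse(records) {
  return JSON.stringify(records.map((r) => ({ id: r.id, author: r.author, html: renderComment(r) })));
}

// Constructed sample input: the second record holds hostile user-supplied values.
const sampleRecords = [
  { id: 1, author: 'alice', site: 'https://example.com/', text: 'Looks good & ships today' },
  { id: 2, author: '<img src=x onerror=alert(1)>', site: 'javascript:alert(1)', text: '"><script>alert(1)</script>' },
];

for (const item of JSON.parse(buildResponse(sampleRecords))) {
  console.log(item.html); // the hostile record prints as inert, escaped text
}
```

Escaping covers content that users put into the records; the interception concern raised in the question is a transport issue and applies equally to HTML, JSON and Javascript responses unless the page and its AJAX calls are served over HTTPS.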
