Changes between Initial Version and Version 1 of Ticket #17419, comment 25
- Timestamp:
- Jan 25, 2016, 1:18:40 PM (9 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
Ticket #17419, comment 25
initial v1 7 7 8 8 {{{ 9 <script type="x- data/x-config" id="variables" data-my-info="{{ info|to_json }}">9 <script type="x-config/x-data" id="variables" data-my-info="{{ info|to_json }}"></script> 10 10 <script> 11 11 // with jQuery … … 21 21 The argonauts approach isn't necessarily wrong, but feels more like its intended to be used as "generate some JavaScript" tag rather than one for "output JSON content [safely in an HTML context]". Granted, the former (inline JavaScript) could very well be what many developers want, and the latter (HTML-safe JSON) ends up being a bit of a pain anywhere *but* in an attribute. 22 22 23 Hopefully my 2¢ on an alternative consideration is helpful feedback. There's certainly some irony in proposing a solution that only works one place, up against a solution that is convenient everywhere *except* that same place where it happens to be unsafe. For me it was a tradeoff: fully escaped output is _safe_ anywhere it ends up. Unfortunately it's only _useful_ when extracted from an attribute value, but that's a habit I was willing to settle on; I can use the same pattern across pretty much any platform's template engine. YMMV.23 Hopefully my 2¢ on an alternative consideration is helpful feedback. There's certainly some irony in proposing a solution that only works one place, up against a solution that is convenient everywhere *except* that same place (where it happens to be unsafe). For me it was a tradeoff: fully escaped output is _safe_ anywhere it ends up. Unfortunately it's only _useful_ when extracted from an attribute value, but that's a habit I was willing to settle on; I can use the same pattern across pretty much any platform's template engine. YMMV.