Changes between Initial Version and Version 1 of Ticket #17419, comment 25


Ignore:
Timestamp:
01/25/16 19:18:40 (6 years ago)
Author:
Nathan Vander Wilt
Comment:

Legend:

Unmodified
Added
Removed
Modified
  • Ticket #17419, comment 25

    initial v1  
    77
    88{{{
    9 <script type="x-data/x-config" id="variables" data-my-info="{{ info|to_json }}">
     9<script type="x-config/x-data" id="variables" data-my-info="{{ info|to_json }}"></script>
    1010<script>
    1111  // with jQuery
     
    2121The argonauts approach isn't necessarily wrong, but feels more like its intended to be used as "generate some JavaScript" tag rather than one for "output JSON content [safely in an HTML context]". Granted, the former (inline JavaScript) could very well be what many developers want, and the latter (HTML-safe JSON) ends up being a bit of a pain anywhere *but* in an attribute.
    2222
    23 Hopefully my 2¢ on an alternative consideration is helpful feedback. There's certainly some irony in proposing a solution that only works one place, up against a solution that is convenient everywhere *except* that same place where it happens to be unsafe. For me it was a tradeoff: fully escaped output is _safe_ anywhere it ends up. Unfortunately it's only _useful_ when extracted from an attribute value, but that's a habit I was willing to settle on; I can use the same pattern across pretty much any platform's template engine. YMMV.
     23Hopefully my 2¢ on an alternative consideration is helpful feedback. There's certainly some irony in proposing a solution that only works one place, up against a solution that is convenient everywhere *except* that same place (where it happens to be unsafe). For me it was a tradeoff: fully escaped output is _safe_ anywhere it ends up. Unfortunately it's only _useful_ when extracted from an attribute value, but that's a habit I was willing to settle on; I can use the same pattern across pretty much any platform's template engine. YMMV.
Back to Top