David,

I want to embed it in HTML so that I can just send that one HTML page to
the user after log in, and no other HTTP requests are needed before the user
can start using the app.
This is because it would take several small, but slow, HTTP requests to
gather all the data that is needed to show the page. I guess I could whip up
a special API method that would return all the data in a single HTTP
roundtrip, but if I can pull off this JSON embedding, then I can skip even
that one extra HTTP request for initial load. After initial load, the app will
rarely be needing data from the server, and when it does, it will be using
the regular API to get that data.

This is all just a performance optimization, since most of our users are on
a high latency network (mobiles), so those HTTP requests really take a
while, and this is an attempt to just skip them altogether.

Is there no easy way to embed HTML safe JSON in an HTML document, and have
it parsed by JavaScript engine at the same time?

Thanks,
Alex

On Fri, Aug 26, 2011 at 2:19 AM, David Chua <[email protected]> wrote:

> Hi Alex,
>
> What is it that you're actually trying to do? I don't think it's such a good
> idea to put a JSON string on the client side as it can be manipulated to no
> end.
>
> Why not just call the JSON object directly from the controller instead?
>
> David
> @davidchua
>
> On Fri, Aug 26, 2011 at 1:27 AM, Alex Duck <[email protected]> wrote:
>
>> Hi all,
>>
>> I'm working on a Backbone.js single page app with Rails 3.1, and in an
>> attempt to save on HTTP requests, I want to embed initial data set in
>> a HTML document that is sent back to the browser after successful
>> login.
>>
>> I was thinking I can simply convert my ruby object to JSON, then HTML
>> escape resulting string of JSON, and then use that as a value for
>> JavaScript variable. Something like this:
>>
>>
>> <% tags = [{name:"tag1", color:"green"}, {name:"</script><b>I can do
>> something bad here</b>", color:"red"}] %>
>>
>> <script type="text/javascript" charset="utf-8">
>>  //<![CDATA[
>>  var tags_list = <%= tags.to_json %>;
>>  // ]]>
>> </script>
>>
>>
>> However, this escapes all the double quotes in that string, which
>> triggers a "SyntaxError: Unexpected token &" in Chrome:
>>
>> var tags_list =
>> [{&quot;name&quot;:&quot;tag1&quot;,&quot;color&quot;:&quot;green&quot;},
>> {&quot;name&quot;:&quot;&lt;/script&gt;&lt;b&gt;I can do something bad
>> here&lt;/b&gt;&quot;,&quot;color&quot;:&quot;red&quot;}];
>>
>>
>> If I remove the Rails' default HTML escaping with <%=raw tags.to_json
>> %>, then it returns this:
>> var tags_list = [{"name":"tag1","color":"green"},{"name":"</
>> script><b>I can do something bad here</b>","color":"red"}];
>>
>> which, of course, breaks the HTML document with "</script>".
>>
>> I guess what I really want is to tell to_json() method to HTML escape
>> keys and values inside JSON object(s), instead of it returning the
>> JSON string unescaped, and then having Rails escape that whole string.
>> I guess what I need is something like this:
>>
>> var tags_list = [{"name":"tag1","color":"green"},{"name":"&lt;/
>> script&gt;&lt;b&gt;I can do something bad here&lt;/
>> b&gt;","color":"red"}];
>>
>> I thought about storing JSON string in a <script type="application/
>> json" id="json_string"> tag, and then doing something like
>>
>> $.parseJSON($("#json_string").html())
>>
>> but that also has the same problem of escaping, like in the above
>> example.
>>
>>
>> Is there any easy (Rails) way to do that? Or am I doing it wrong to
>> begin with?
>>
>> Cheers!
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Ruby on Rails: Talk" group.
>> To post to this group, send email to [email protected].
>> To unsubscribe from this group, send email to
>> [email protected].
>> For more options, visit this group at
>> http://groups.google.com/group/rubyonrails-talk?hl=en.
>>
>>

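An added example, not part of the thread and not Rails' own code: one way to get output that is both valid JavaScript and inert to the HTML parser is to serialize first and then replace `<`, `>`, `&` (plus U+2028/U+2029) with JSON `\uXXXX` escapes, instead of HTML-escaping the string. `script_safe_json` and `embed_page` are hypothetical helper names, and the sample data is constructed from the tags in the quoted post.

```ruby
require "json"

# Characters that can end or alter a <script> block, or that older JavaScript
# engines treat as line terminators inside string literals. Each is replaced
# by its JSON \uXXXX escape, so the parsed value is unchanged.
SCRIPT_UNSAFE = {
  "<"      => '\u003c',
  ">"      => '\u003e',
  "&"      => '\u0026',
  "\u2028" => '\u2028',
  "\u2029" => '\u2029'
}.freeze

# Hypothetical helper: JSON text that cannot contain "</script>" or "<!--".
def script_safe_json(value)
  JSON.generate(value).gsub(/[<>&\u2028\u2029]/, SCRIPT_UNSAFE)
end

# Hypothetical helper: the inline <script> block from the post, built with the
# escaped JSON. In an ERB view the equivalent is emitting this string with raw.
def embed_page(value)
  "<script>var tags_list = #{script_safe_json(value)};</script>"
end

# Constructed sample data, mirroring the tags in the original post.
TAGS = [
  { "name" => "tag1", "color" => "green" },
  { "name" => "</script><b>I can do something bad here</b>", "color" => "red" }
].freeze

if __FILE__ == $0
  puts "unescaped: #{JSON.generate(TAGS)}"
  puts "escaped:   #{script_safe_json(TAGS)}"
  puts embed_page(TAGS)
end
```

The same escaped string can also be placed in a `<script type="application/json">` element and read back with a JSON parser. The values still contain markup once parsed, so they need HTML escaping again at the point where the client inserts them into the DOM.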