Hello guys, reading the Guidelines & Policies, one of the point states the following: “Do not inject directly into the DOM any data obtained dynamically over AJAX (e.g., JSON is fine, HTML is not).”
In my case, I send a request to a RESTful API which is hosted on my server. After performing some tasks, the server builds a string with the HTML code which is returned back to the front-end, if the call completed succesfuly then I do something like: var target = $("#container"); target.html(responseFromServer);
That is not allowed right? Should I instead send the data as JSON and “inject / create” the HTML on the fly in javascript?
The direct usage of any HTML received via calls to your EBS is not allowed.
Just - as you stated you stated yourself - send the actual data, like a message, in the response and add any HTML for formatting in the JS processing the response.
What about for some tags that I need to be sent by the server? For example, the description of some objects I send to the front-end are retrieved from the database and that description contains some HTML code and change the data from the database would be really bad, will be this a problem?
Edit: Changed the question since the “problem” isn’t the server itself but the database.
Usually there are some conventions on how to manipulate the DOM, there are also frameworks that remove the Responsibility of the Developer to manipulate the DOM directly, there are several good and interesting examples, React, Vue, Angular, Ember and etc.
When you have a time it is worth to understand the proposals of these tools
obs: First of all, learn the vanilla javascript correctly.