If I wanted to set some JavaScript variables from my model, would that be a safe practice? For example:
<script type="text/javascript">
var myVariable = '@Model.myVar';
</script>
Is this an OK practice? I can't think of a better way to really do it, besides maybe doing a hidden input, but that seems like too much work compared to this. I just don't know if this is vulnerable or if there's something I'm overlooking by doing this.
I think there are a couple of issues with this. Fundamentally, you are tightly coupling your JavaScript to your page or view. I would consider myself a solid .NET / C# / MVC developer but a beginner with JavaScript, and this is exactly the type of design that I pursued up until recently. In the past I would in-line all kinds of JavaScript within my views and make heavy use of Razor. In the end it works, but it leads to a very tight coupling of your markup and script and ultimately produces a difficult environment to maintain.
A much better approach would be to instead in-line calls to JavaScript functions. The difference is subtle, but it will enforce the separation of these two areas.
You can also in-line values in hidden input fields, spans, etc. via Razor and expose them there to your JavaScript.
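Added example, not part of the original question or answer: Razor HTML-encodes `@Model.myVar`, and the browser decodes entities in attribute values but not inside a `<script>` body, so the two approaches hand different strings to JavaScript. `htmlEncode`, `htmlDecode`, the other function names, and the `myVar` id are assumptions made for illustration (simplified stand-ins, not Razor's or the browser's own code).

```javascript
// Simplified stand-in for the HTML encoding Razor applies to @Model.myVar.
// Assumption: only these five characters are modelled.
const ENC = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
const DEC = Object.fromEntries(Object.entries(ENC).map(([ch, ent]) => [ent, ch]));

function htmlEncode(s) {
  return s.replace(/[&<>"']/g, (ch) => ENC[ch]);
}

// Simplified stand-in for the entity decoding an HTML parser applies to
// attribute values. The body of a <script> element is raw text and gets no
// such decoding.
function htmlDecode(s) {
  return s.replace(/&(?:amp|lt|gt|quot|#39);/g, (ent) => DEC[ent]);
}

// Question's approach: var myVariable = '@Model.myVar';
// new Function stands in for the browser running the inline script; it is
// only ever fed the constructed samples below.
function viaInlineScript(modelValue) {
  return new Function("return '" + htmlEncode(modelValue) + "';")();
}

// Answer's approach: <input type="hidden" id="myVar" value="@Model.myVar">
// In a browser the read is document.getElementById('myVar').value; here the
// attribute is pulled out and decoded by hand so the example runs offline.
function viaHiddenInput(modelValue) {
  const markup = '<input type="hidden" id="myVar" value="' + htmlEncode(modelValue) + '">';
  const rawAttr = /value="([^"]*)"/.exec(markup)[1];
  return htmlDecode(rawAttr);
}

// Constructed sample values, not taken from the original posts.
const SAMPLES = ['hello', "O'Brien & Sons", 'Tom "TJ" Jones'];

function compare(values) {
  return values.map((v) => ({
    model: v,
    inlineScript: viaInlineScript(v),
    hiddenInput: viaHiddenInput(v),
    inlineIntact: viaInlineScript(v) === v,
    hiddenIntact: viaHiddenInput(v) === v,
  }));
}

console.table(compare(SAMPLES));
```

The inline form only round-trips values with no HTML-special characters; the hidden-input form returns the model value unchanged in every sample.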