
If the JSON itself contains strings with markup included, and you're injecting directly into a script tag in the HTML document.

Though, if you're dealing with a typed object server-side and/or loading into a .js file request, it's less of an issue, if you aren't supporting HTML markup in the object to begin with. In my own use case, both are true.
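An added example, not part of the original comment, of the case described above: a JSON string value containing markup ends an inline script block early unless the serializer escapes it. The function names, the `boot` element id and the sample object are constructed for illustration, and `scriptBodySeenByParser` is only a rough model of how an HTML parser finds the end of a script element.

```javascript
// Added example: function names, element id and sample data are hypothetical.

// Serialize to JSON, then replace the characters the HTML parser reacts to
// with \uXXXX escapes. The result is still valid JSON with identical meaning.
function jsonForScriptTag(value) {
  return JSON.stringify(value).replace(/[<>&]/g, (ch) =>
    '\\u' + ch.charCodeAt(0).toString(16).padStart(4, '0'));
}

// Server-side template step: place serialized data inside an inline data block.
function renderInlineData(value, serialize) {
  return `<script id="boot" type="application/json">${serialize(value)}</script>`;
}

// Rough model of the HTML parser: script content ends at the first "</script",
// matched case-insensitively, no matter what JSON string it sits inside.
function scriptBodySeenByParser(html) {
  const start = html.indexOf('>') + 1;
  const end = html.toLowerCase().indexOf('</script', start);
  return html.slice(start, end);
}

// Parse what the browser would hand to JSON.parse; null if it is not valid JSON.
function parseOrNull(text) {
  try {
    return JSON.parse(text);
  } catch (err) {
    return null;
  }
}

// Constructed sample: string fields that legitimately contain markup.
const sample = { bio: 'hi </script><b>markup</b>', note: '<!-- <script>' };

function demo() {
  const naiveBody = scriptBodySeenByParser(renderInlineData(sample, JSON.stringify));
  const safeBody = scriptBodySeenByParser(renderInlineData(sample, jsonForScriptTag));
  return {
    naiveBody,                          // cut off at the "</script" inside bio
    naiveParsed: parseOrNull(naiveBody), // null: the block was truncated
    safeParsed: parseOrNull(safeBody),   // round-trips to the original object
  };
}

console.log(demo());
```

In the browser, the escaped block would be read with `JSON.parse(document.getElementById('boot').textContent)`, which yields the original strings as data.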




Hence why I said "You should be using appropriate DOM APIs"...

The appropriate DOM APIs don't take HTML strings in the first place. You shouldn't be passing HTML strings to JS.



