I want to know if it's safe to pass data from Blade to a Vue component, knowing that we can see the code in the source code. Example:
<project
id="{{$project->id}}"
title="{{$project->title}}"
desc="{{$project->desc}}">
</project>
Can users or people with bad intentions change these in the client? If yes, what can I do to protect my website? Thanks.
Can the data be changed by a user? Yes.
Can you stop users from changing the data? No.
Vue is JavaScript and JavaScript is run on the client side. You have no way of stopping a user from changing code on the client side.
The best thing you can do is never trust any input that is sent back to the server. ALWAYS check if the data that has been sent to the server is valid. This is not only true for JavaScript, but any data that is being sent to your server.
Yes, it is safe. The blade is rendered together, and then the data is part of the HTML/CSS/JS when rendered. And the project component will be rendered into Vue HTML, so the data passed is hidden as well.
When I pass data in the Blade file through wire:click="data('text')", it works fine.
But if I change the value in the Blade file to wire:click="data('new text')", then this value changes.
This is my Blade file:
<button wire:click="delete('1')" type="button">Delete Record</button>
But when I change the value in the Blade file and click on the button, this value changes.
<button wire:click="delete('10')" type="button">Delete Record</button>
Please tell me how this problem can be solved.
The short answer is, that's how any and all forms work - be it Livewire, a standard HTTP form or via Ajax. This can be done with any data the user passes to your server, and it's normal, expected behaviour. There is no way you can prevent it entirely. Users can manipulate any of the data they send themselves.
The lesson here is don't trust user input! And to act on that, you need authorisation and validation of all incoming requests. This must be done on the server where you accept the request (meaning in PHP) and not in the client (like JavaScript), as anything client-side can be manipulated by the user like you've just seen.
Laravel offers policies and guards, so that you very easily can validate that the user has access to perform given actions and change or delete the record they attempt to act on. This makes validation and authorisation very easy in Laravel projects, but there's no magic - you have to implement it for all of the requests where users can pass data or call actions in your application.
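The server-side check both answers above call for, as an added example that is not part of the original posts. It applies equally to an id sent back from the Vue component and to the Livewire `delete('10')` call. The `Record` model, its `user_id` owner column, and the `RecordPolicy` and `Records` class names are assumptions made for illustration.

```php
<?php
// Added example. Record, RecordPolicy and Records are hypothetical names;
// a `user_id` owner column on the records table is assumed.

// app/Policies/RecordPolicy.php
namespace App\Policies;

use App\Models\Record;
use App\Models\User;

class RecordPolicy
{
    // Only the owner may delete. Auto-discovered for App\Models\Record.
    public function delete(User $user, Record $record): bool
    {
        return $user->id === $record->user_id;
    }
}

// app/Http/Livewire/Records.php (a separate file in a real project)
namespace App\Http\Livewire;

use App\Models\Record;
use Illuminate\Foundation\Auth\Access\AuthorizesRequests;
use Illuminate\Support\Facades\Validator;
use Livewire\Component;

class Records extends Component
{
    use AuthorizesRequests;

    // Called by wire:click="delete('1')". $id comes from the browser, so a
    // user can change it to '10' or anything else before it arrives here.
    public function delete($id)
    {
        // 1. Validation: reject anything that is not a positive integer.
        $data = Validator::make(['id' => $id], ['id' => 'required|integer|min:1'])
            ->validate();

        // 2. Existence: 404 if there is no such record.
        $record = Record::findOrFail($data['id']);

        // 3. Authorisation: throws AuthorizationException (403) unless
        //    RecordPolicy::delete() allows the authenticated user.
        $this->authorize('delete', $record);

        $record->delete();
    }
}
```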
Is it possible with Gatsby to render some external data server side, to have prepopulated content when accessing the page with a browser?
Let's assume I have a public API endpoint like this: http://jsonplaceholder.typicode.com/posts
I want data from such an endpoint rendered server side as well.
Current behaviour:
Currently, when doing axios GET calls in my component (constructor or componentDidMount), I'm able to see data downloaded and rendered fully client side.
Expected result
I want to be able to call external data in a React component (maybe marking it with async/await) to have it rendered after the ajax call is finished.
I found something regarding GraphQL (I am not familiar with it) saying that it is able to query data also for server-side rendering.
But how do I achieve my needs using a simple text/JSON response from an external endpoint?
If a plugin exists to pull data from your source of choice, then you can pull it in and use GraphQL to query it.
https://www.gatsbyjs.org/docs/plugins/
If it doesn't, you'll want to write a plugin to pull data or use the sourceNodes API in your gatsby-node.js file.
https://www.gatsbyjs.org/docs/node-apis/#sourceNodes
I have a RESTful controller that renders a view with data from the database, and I want to load this view with its data in another view via ajax. There is a problem: "undefined variable". Is there any solution?
When you pass variables to your view they are only available on the server side while the view renders and then they are discarded. What this means is that the variables are only available to the PHP of your application and then they are gone by the time the view has been rendered and sent to the visitor's web browser.
If you try to use the variables with JavaScript then you are running the JavaScript on the client side (as opposed to the server side). The variables that you pass to your view do not exist on the client side where your JavaScript runs.
From what it sounds like, you are defining a variable in your controller via Laravel. Then you are passing the variable from the controller to the view. The view is then rendered as HTML and sent to the visitor's computer (the client), where the HTML is then loaded, and that is when the JavaScript starts to load.
That's the problem, now possible solutions.
First, you could send the variable (assuming it is simple data and not like an object) to the browser through Laravel flash variables, which are actually stored on one-time cookies on the client side. Then you use JavaScript to access the cookie and get the data, then store it in a JS variable and use it in your script.
Second, you create an API to respond to your HTTP requests and then send an Ajax request from your JavaScript to the API to get the data. Then you would store it in JavaScript and use it. This allows complex data like objects because you would use the JSON format to send information to respond to the Ajax call. While cookies are restricted to (5kb I think) there is really no theoretical limit to JSON data.
I hope that helps and I hope I'm understanding your problem.
Would need to see your JavaScript before anything, but usually for me this means a misspelled element id or a misspelled reference file.
I am a complete newbie to AngularJS. I want to check the feasibility of using it in my new project, which is a web application. I already have a few pages created in the project using Struts2, Spring and Hibernate. To convert these, the following are the points I understand:
Convert server side API to REST style which returns JSON data
Question: Can I use dynamic HTML to load using AngularJS? I guess yes, but I'm not sure how.
Currently I use Velocity templates on the server side to populate data in HTML templates and send it as the response in AJAX. What would change if I try to use AngularJS?
I have a landing page which is used to show some images and the data associated with them, which is stored in the DB. How can I show it using AngularJS?
Question: Shall I load the HTML template which contains only one div tag when I hit the website URL (mysite.com) and then fire AJAX requests to load the dynamic HTML?
If I use AngularJS, does it invalidate the use of Struts2 altogether if I choose to implement my data API as REST with JSON? I guess not, as I will still need to load dynamic HTML views which will be generated on the server, correct?
How do I maintain HTTP session state on the server side if I use a REST data API with AngularJS on the client?
I know I can search and read about answers to the above questions on the net somewhere. I just need them in one place so that I can carry on the discussion and other questions that arise from it.
I may answer some of your questions:
1) Convert server side API to REST style which returns JSON data
Yes
Question : Can I use dynamic HTML to load using AngularJS. I guess
yes. not sure how?
Currently I use velocity Templates on server side to populate data in HTML templates and send it as response in AJAX? What would change
if i try to use AngularJS?
If I understood you right, you want to generate templates on the server side. In this case you just don't need AngularJs: your views are prepopulated on the server and the browser receives static content (from the client-side point of view). If you want to use AngularJs, then your templates will become static content (from the server-side point of view) and they will be populated by Angular via REST services.
2) I have a landing page which is used to show some images and data
associated with it which is stored in DB. How can I show it using
AngularJS?
Question : Shall I load the HTML template which contains
only one div tag when I hit website URL(mysite.com) and then fire AJAX
requests to load the dynamic HTML?
Not exactly. One div would be enough for a jQuery-based approach (you would use something like $.ajax and then append the data in an imperative way). In the case of Angular you will need to return a template. It may look like this:
<ul ng-controller="MyCtrl">
    <li ng-repeat="item in data">
        <!-- ng-src needs an interpolated expression -->
        <img ng-src="{{item.image.src}}">
        <span>{{item.data.someTextProperty}}</span>
    </li>
</ul>
And some AngularJs controller that will fire a request to the REST service (via your AngularJs service, probably) and automatically fill the template with the results:
function MyCtrl($scope, $http) {
    // .then() works on all AngularJS 1.x releases; .success() was removed in 1.6
    $http.get('/rest/data').then(function(response) {
        $scope.data = response.data;
    });
}
3) If I use AngularJS does it invalidate use of Struts2 altogether if
I choose to implement my Data API as REST with JSON? I guess not as I
will still need to load dynamic HTML views which will be generated on
Server correct?
I think it will only invalidate the use of the View of MVC in Struts, since AngularJS will just replace it. Also it will make you use something like RESTful controllers (not quite familiar with Struts, but I think there is something like this).
4) How to maintain HTTP session state on server side if I use REST
data API with AngularJS on client?
This is not a short answer, but basically there is the following pattern. AngularJs provides HTTP interceptors that may intercept requests and responses. If a response with code 401 (which is unauthorized) is intercepted, you may provide your user with a login form to restore the session and, after this action is completed, retry the last request. Also, here you may find another aspect of this question.
I hope my answer helped you.
Is it possible to cache form contents on the client side? Like maintaining state even if the form is unsaved and the user moves to a new page, then returns to the form?
The best way to do this would be by using JavaScript/AJAX to talk to the server, saving each form field as the user went off it. Then, when you load the page, you'd see if there was any content for each form already saved.