Asp.net MVC 3 Filter Data then pass into JSON

I am using asp.net mvc 3 and was wondering is it better to pass all the data via JSON and then use javascript to filter the data or is it better to filter the data and then pass it into JSON?

If filtering the data and then passing it as JSON was the best option, how would I go about doing this?

If you are looking to filter your data for security reasons, I suggest you do that on both sides.

You could use jQuery validation, like the jquery.validate() plugin, and the best practices found on this web site: https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet

On the server side you must verify and type all data you receive and all data you send if you are displaying data inserted by users.

MVC is secured with some processes (like detection of malicious data and antiforgery tokens), but controlling your data is always better ;).

Well, it really depends on what you are trying to do. There are two possible cases that I see.

  1. In the one case, the data you are sending to the user should only be seen by that user, or needs to be filtered ahead of time so that the user does not gain access to data that they shouldn't. In this case, you definitely want to filter server side and leverage the credential/security system provided by ASP.NET for authorization to the data.
  2. A second case is where you want to keep the amount of the data small. For example, it is not typically a good idea to send huge amounts of data back and forth between client and server side. In this case, you can leverage the power of technologies like LINQ or SQL to rapidly get the data and send it back client side.
  3. In the third case, you would want to send as much data as you need (and no more) to the client to allow for good client/UI interaction. That way, you can perform quick filtering, searching, or whatever client-side activity is needed. This can greatly improve user experience.

In general: limit the total amount of data you send, don't send anything the user shouldn't see (even if you aren't displaying it), and do as much work as you can client side to improve the user experience.
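
A sketch of the server-side filtering described in cases 1 and 2 above, added here as an example and not code from the original answers. The `Order` entity, `IOrderRepository`, the controller and the row cap are hypothetical names, and the repository is assumed to be supplied through the application's dependency resolver.

```csharp
using System.Linq;
using System.Web.Mvc;

// Hypothetical entity for this example only.
public class Order
{
    public int Id { get; set; }
    public string OwnerUserName { get; set; }
    public string Description { get; set; }
    public decimal Total { get; set; }
    public string InternalNotes { get; set; }   // must never reach the client
}

// Hypothetical data access abstraction (for example over an EF context).
public interface IOrderRepository
{
    IQueryable<Order> Orders { get; }
}

public class OrdersController : Controller
{
    private const int MaxRows = 100;             // cap the payload size (case 2)
    private readonly IOrderRepository _repo;

    public OrdersController(IOrderRepository repo) { _repo = repo; }

    [Authorize]   // anonymous callers are rejected before the action runs
    [HttpPost]    // Json() refuses GET by default in MVC; keep it that way
    public JsonResult Search(string term)
    {
        // Identity comes from the authenticated session, never from the request body.
        string user = User.Identity.Name;
        term = (term ?? string.Empty).Trim();

        var rows = _repo.Orders
            .Where(o => o.OwnerUserName == user)                     // authorization filter (case 1)
            .Where(o => term == "" || o.Description.Contains(term))  // runs in the data source
            .OrderByDescending(o => o.Id)
            .Take(MaxRows)
            .Select(o => new { o.Id, o.Description, o.Total })       // only fields the client may see
            .ToList();

        return Json(rows);
    }
}
```

`Description` is user-supplied, so the client should insert it into the page as text (for example with jQuery's `.text()`) rather than as HTML.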
