
API Design - What are the best practices to store rich text like HTML

Let's say you want to be able to display some rich text in your app, and you want to design the backend API for that purpose.

Rich text can be:

  • paragraphs
  • Some bold or italic texts
  • titles from 1 to 6 weight
  • images

This is easy to do in HTML.

You could create the rich text I need, then store its whole HTML in the backend model's field.

Then retrieve it through your backend API as an HTML string and display it in a webview in your app or something.

But that sounds like a bad practice, although I'm not too sure.

Please share your thoughts and experience about this.

Also, what would be a better practice for this kind of use case?

It's usually not a good idea to store and display HTML as is, especially if it can be entered by a user (see HTML injection). If the HTML is always from a trusted source, however, it should be fine to store the HTML as is.

Some better alternatives would be to allow the users to enter markdown instead of HTML, which can then be converted to HTML when it is displayed.

If, however, markdown does not meet all of your criteria, the HTML that will be stored and later displayed should be stripped of all possible malicious tags, for example <script> and <iframe>.

The best means of displaying HTML is likely some kind of web viewing component, which tend to be quite heavy by their nature.

What I would consider, in your situation, is a markdown component. The reason for this is markdown maps to NSAttributedString quite closely.

^^ All opinion, of course.
