←back to thread

<template>: The Content Template element

(developer.mozilla.org)
217 points palmfacehn | 8 comments | 02 Sep 25 17:16 UTC | HN request time: 0.001s | source | bottom
Show context
alserio ◴[02 Sep 25 18:34 UTC] No.45107190[source]
I was wondering, are template elements a good place to store json data in the page to be consumed by js?
replies(4): >>45107213 #>>45107278 #>>45108146 #>>45108459 #
bsmth ◴[02 Sep 25 18:41 UTC] No.45107278[source]
You might be interested in data attributes for this use case https://developer.mozilla.org/en-US/docs/Web/HTML/How_to/Use... although it depends on the shape of the JSON data you had in mind.
replies(1): >>45107309 #
1. alserio ◴[02 Sep 25 18:43 UTC] No.45107309[source]
What do you mean with shape? Are you concerned about escaping and such?
replies(1): >>45107749 #
2. bsmth ◴[02 Sep 25 19:18 UTC] No.45107749[source]
I can imagine if it's deeply nested data, your markup might get complex, but the structure of the HTML doesn't have to mirror the JSON. There's other examples here which might illustrate more how this can look: https://developer.mozilla.org/en-US/docs/Web/HTML/Reference/...
replies(1): >>45107827 #
3. alserio ◴[02 Sep 25 19:24 UTC] No.45107827[source]
Thank you. I was looking at a generic way to pass configuration data to custom elements where I cannot know the shape in advance, since another dev can have different requirements. I support data attributes for simple types but i was wondering if allowing arbitraty json objects via other means could be feasible.
replies(1): >>45108093 #
4. hunter2_ ◴[02 Sep 25 19:45 UTC] No.45108093{3}[source]
Since JSON is a subset of JavaScript, you can just use a script element, and including the json mime type certainly doesn't hurt:

    <script type="application/json" id="myJSONData">
      {
        "name": "John Doe",
        "age": 30
      }
    </script>

    <script>
      const data = JSON.parse(document.getElementById('myJSONData').textContent);
      console.log(data.name + " is " + data.age); // John Doe is 30
    </script>
Note: The JSON data must exist literally within the script element. If you try using a src attribute to request it from elsewhere, the response will not be available via textContent or any other mechanism [0], and at that point you just need to fetch/ajax/xhr it.

[0] https://stackoverflow.com/questions/17124713/read-response-o...

replies(1): >>45109117 #
5. lioeters ◴[02 Sep 25 21:11 UTC] No.45109117{4}[source]
About embedding JSON in a script tag, I recently read an article on the risk of a closing </script> tag within the JSON that could break it.

Safe JSON in script tags: How not to break a site - https://sirre.al/2025/08/06/safe-json-in-script-tags-how-not...

As with all untrusted content, depending on where the JSON string comes from, sanitizing the output is worth considering.

replies(2): >>45119162 #>>45126599 #
6. hunter2_ ◴[03 Sep 25 18:48 UTC] No.45119162{5}[source]
Great article! I suppose a similar (yet different) precaution would be needed in data-* attributes or any other part of an HTML document.
7. yencabulator ◴[04 Sep 25 12:42 UTC] No.45126599{5}[source]
That article was pretty complicated; I appreciate the historical understanding but frankly web legacy is too complex to bother with "why" too much, in the end so many things just don't make sense and are historical accidents.

Here's another take, just a short list of replacements. Interestingly, "&" is also escaped: https://pkg.go.dev/encoding/json#HTMLEscape

replies(1): >>45127628 #
8. lioeters ◴[04 Sep 25 14:25 UTC] No.45127628{6}[source]
That's a helpful summary of what's necessary to make JSON safe to embed in script tags.

I agree the "why" is too long of a story, an accumulation of supposedly logical decisions that led up to the ball of quirks. It's too much to remember. Exactly the kind of thing that should be delegated to a specialized function made and maintained by experts.