Is there any danger to expose grav config in a javascript object for frontend parametrisation ?
I do this in a plugin
public functionn onPluginsInitialized() {
//map plugin config
$configJSON = json_encode($this->grav[‘config’]);
$assets->addInlineJs(“var GRAV = {};GRAV.config = JSON.parse(’” . addslashes($configJSON) . “’);”, [‘loading’=>‘inline’, ‘position’=>‘before’]);.
}
I need to get page frontmatter configuration as well, in order to work with more advanced javascript.
If there is any other proper way to achieve this, I woul dbe happy to know it.
More generally is there any form of way of working with a assets vue.js or any mordern js framework in themes or plugins ?
That would be a great point to deal with in documentation, in order to get more developpers in grav cms !!
Thanks in advance
Exposing internal data in the frontend is asking for trouble. You might think it all is pretty harmless but you’ll be amazed what hackers can do with such information. And if you are amazed it’s too late.
So I would be very selective and only expose the data you absolutely need.
The way you transfer the config data to Javascript is fine I think.
In future please use the triple quotes block in this editor. Your code (with one extra line) then looks like this:
public functionn onPluginsInitialized() {
//map plugin config
$configJSON = json_encode($this->grav['config']);
$assets = Grav::instance()['assets'];
$assets->addInlineJs("var GRAV = {};GRAV.config = JSON.parse('" . addslashes($configJSON) . "');", ['loading'=>'inline', 'position'=>'before']);
}
Even more important is that single and double quotes are the correct characters instead of their curly look alike (for example " vs "). It makes a quick copy/paste much easier and thus helps in getting answers.
Ok thanks for your reply. I think It is a important topic, that should be exposed in documentation.
Thanks!