Before I start, I want to make it clear that my code is working properly, and this is more of a "general best practice" question. I'm using knockout.js to load in my ASP.NET MVC2 model into knockout's viewModel.

In my aspx page I have:

<script>
var model = <%= new JavaScriptSerializer().Serialize(Model) %>;
// the above line will display in my page's "View Source". Is this bad? slow? 
</script>

Then in my JavaScript include file at the top I have:

$(document).ready(function() {
    var viewModel = new MyViewModel();
    ko.applyBindings(viewModel);

    viewModel.modelProp(model);
});

The code totally works fine, but the concern I have with this is that the JSON output is viewable in the "View Source" option from the browser in the HTML output. I'm curious about two things:

  1. Does this also happen in ASP.NET MVC3? I'm using ASP.NET MVC2, hence I can't use @Html.Raw(Json.Encode(Model)); -- But does the MVC3 method result in the same issue?

  2. Is this something I should be concerned about? Is it a security issue? Is it a performance issue? The page's source will be larger because I'm outputting the JSON into a JavaScript variable, no? Again, maybe it's not an issue in MVC3?

  • It will also happen in MVC3, with the @Html.Raw method. Commented Jun 15, 2012 at 18:30

1 Answer

If I hear you correctly, you want to know if you should be concerned that people can see your JSON. I would not be concerned about that. In fact, not only can they see the JSON by viewing source, but they can also see it via a network sniffer like Fiddler, HttpWatch, or browser developer tools (F12). I'm not sure why you care if the JSON is visible because once it gets data bound to the UI, it will be there too.

As a side note, by loading your KO viewmodel from MVC, that means your viewmodel will only refresh its model data when you post. If you load it via an ajax call (to perhaps an MVC action since you use asp.net mvc) you could avoid that page refresh. Just another option.

4 Comments

Yes, you are understanding my question correctly. I will also replace the model via ajax calls depending on the actions the user takes, but this is for the initial data load. Since the model is observable, I'm always able to replace it. I was just curious if it is insecure or slow to have all the extra information in the page source.
It's more bytes than not having it, but if you want to manipulate the UI client side and use databinding, etc, you need the JSON up there in the viewmodel and all the script code that goes with it. Is it a noticeable perf issue? No. Is it insecure? Only if you put secure info there, which I assume you are not.
Thanks. This makes me feel better about it. I'm using page specific view models as well so it sounds to me like I'm following general best practices then. I'll accept this answer, but I'm more than happy to have any other input!
No worries. Happy to help. It's good to see some good uses of MVC with KO. What you have is nice and decoupled.
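
The point made in the answer and comments, that the embedded JSON is only a problem if it carries sensitive data, can be checked mechanically. As an added example (not code from the question or the answer), this function walks the object that ends up in the `model` variable and lists property paths whose names look sensitive; the name patterns and the sample object are constructed assumptions.

```javascript
// Added example: audit the object embedded in the page (the `model` variable)
// for property names that look sensitive. The pattern list is an assumption
// and a heuristic; adjust it to the naming used in your own domain model.
const SENSITIVE_NAME = /passw(or)?d|secret|token|api[_-]?key|salt|hash|cardnumber|cvv/i;

function findSensitivePaths(value, path = "model", seen = new Set(), hits = []) {
  if (value === null || typeof value !== "object") return hits;
  if (seen.has(value)) return hits;            // guard against cyclic references
  seen.add(value);
  if (Array.isArray(value)) {
    value.forEach((item, i) => findSensitivePaths(item, `${path}[${i}]`, seen, hits));
    return hits;
  }
  for (const key of Object.keys(value)) {
    const childPath = `${path}.${key}`;
    if (SENSITIVE_NAME.test(key)) hits.push(childPath);
    findSensitivePaths(value[key], childPath, seen, hits);  // nested objects too
  }
  return hits;
}

// Constructed sample: roughly what reaches "View Source" when a whole
// server-side entity is serialized instead of a page-specific view model.
const sampleModel = {
  Id: 42,
  DisplayName: "Alice",
  PasswordHash: "constructed-value",
  Orders: [{ OrderId: 1, CardNumber: "constructed-value", Total: 19.99 }],
  Profile: { Email: "alice@example.test", ResetToken: "constructed-value" }
};

function auditSample() {
  return findSensitivePaths(sampleModel);
}

console.log(auditSample());
```

Any path it reports is a field to drop from the page-specific view model on the server before serialization, since everything in the object is readable by the client.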
