search

smfoote / tornado

HTML templates with asynchronous rendering, built with JavaScript.
http://smfoote.github.io/tornado/
Apache License 2.0
8 stars 3 forks source link

consider using document.implementation.createHTMLDocument #126

Closed jimmyhchan closed 9 years ago

jimmyhchan commented 9 years ago

... instead

IE9+ https://developer.mozilla.org/en-US/docs/Web/API/DOMImplementation we could add a fallback to fragment but IE9+ seems sufficient.

it's what jQuery uses and is more secure since it won't execute scripts/download images immediately.

http://stackoverflow.com/questions/7738046/what-for-to-use-document-implementation-createhtmldocument

smfoote commented 9 years ago

While this is interesting, I think it creates a lot of unnecessary complexity.

  1. It creates an entire HTML document, which is more than we need, so we would have to throw away most of what is created anyway
  2. It doesn't create a simple container that can be appended, which would force us to use innerHTML or an expensive traversal of all the nodes to append
  3. We create a lot of fragments, and creating entire HTML documents might get expensive (I don't really know if this would be a problem, just speculating)
  4. The only way to prevent assets from being downloaded or scripts from being executed is to wait until they are appended to the HTML document before setting their attributes or contents. Not impossible, but it does change how things are currently compiled.
jimmyhchan commented 9 years ago

thanks for looking. i'll close this.