|
|
two approached to embedded tokens Wednesday, November 15 2017
It's common when building web-based tools aimed at users with a moderate amount of tech-savvy to permit them to enter free-form text that includes tokens that will be replaced with some form of data from a data source. There are two ways to parse a tokenized string to replace that data. The first of these is to simply take the keys of the available data, append whatever additional characters comprise the token, and then do a string replace of those calculated tokens with the values in the data. This works for simple token systems, though it limits the amount of flexibility available to the user. A better system would be to parse the tokenized data looking for the tokens, iterate through those, and then replace any found keys inside the tokens with the corresponding data from the data source. Anything left over after that can be functionality (such as Javascript, or, more dangerously, PHP) that can be evaluated (perhaps in a highly-controlled manner so as to avoid being a security risk). This greatly increases the flexibility of the system, permitting (for example) a user to process data returned from the database before embedding it in whatever the ultimate context ends up being.
[REDACTED]
For linking purposes this article's URL is: http://asecular.com/blog.php?171115 feedback previous | next |