Reputation: 281
Binding MVC model with knockoutjs mapping plugin expose all the data in view source
In our project we used knockoutJS Mapping plugin to map the MVC model using the following
var data = @Html.Raw(new System.Web.Script.Serialization.JavaScriptSerializer().Serialize(Model));
$(document).ready(function () {
viewmodelCO = new ViewModelCO(data);
ko.applyBindings(viewmodelCO, document.getElementById("divID"));
});
All things works perfectly OK, but my problem is the data security, when we use @Html.Raw is expose all the data and if someone right click on the page they can see the original Raw data .
How can we prevent this situation, I know one option is re-write the code and get the data using Ajax request but this is like another call to the server after the page load and that was the reason we start using the MVC model to Map the knockout object. Any suggestions ?
Upvotes: 0
Views: 37
Answers (1)
Reputation: 14677
If you want the web page to manipulate the data, the data is going to have to be sent to the client. That can either be done how you're currently doing it, or, as you mentioned, via a second AJAX request. Either way, you're sending the data to the client (and doing it via AJAX isn't any more secure -- it's trivial to see the data coming over the wire).
If you're concerned about the data, make sure you're only sending what is necessary to perform the task and nothing extra. That may mean you have to reduce the data a bit, but it'll bring your more security.
Upvotes: 1
Related Questions
- how map model to knockout
- How to bind data from model to view using knockoutJS
- binding json data using knockout
- Knockout view model with mapping plugin
- Using the mapping plugin of Knockout in an Asp.Net MVC view
- Binding viewmodel with knockoutjs mapping
- ASP.NET MVC model binding with knockout.js
- Binding Model data to Knockout ViewModel?
- MVC 4 model Binding in KnockoutJS
- Map a complex MVC ViewModel in knockout