Return to Answer

added 48 characters in body

edited Jan 6, 2014 at 11:07

Containing the PHP into a config data object goes 90% of the way but best practice is to seperate it entirely. You can use a RESTful api to only request the data that you need, it is a bit more javascript but with a few advantages.

Script is static and can be cached permanently
PHP no longer an XSS Vector
Complete seperation of concerns

Downsides:

Requires an extra HTTP request
more complex javascript

Script

//pure javascript $.on('domready',function({ //load the data $.get({ url:'/charts/3D1A2E', success: function(data){ //now use the chart data here ChartModule.init(data); } }); })

Script is static and can be cached permanently
PHP no longer an XSS Vector
Complete seperation of concerns

Downsides:

Requires an extra HTTP request
more complex javascript

Script

$.on('domready',function({ $.get({ url:'/charts/3D1A2E', success: function(data){ //now use the chart data here ChartModule.init(data); } }); })

Script is static and can be cached permanently
PHP no longer an XSS Vector
Complete seperation of concerns

Downsides:

Requires an extra HTTP request
more complex javascript

Script

//pure javascript $.on('domready',function({ //load the data $.get({ url:'/charts/3D1A2E', success: function(data){ //now use the chart data here ChartModule.init(data); } }); })

Source Link

answered Jan 6, 2014 at 4:59

actual_kangaroo

Script is static and can be cached permanently
PHP no longer an XSS Vector
Complete seperation of concerns

Downsides:

Requires an extra HTTP request
more complex javascript

Script

$.on('domready',function({ $.get({ url:'/charts/3D1A2E', success: function(data){ //now use the chart data here ChartModule.init(data); } }); })