Depending on the format of the request, Symfony2 returns a response of the same type (html, css, json, etc.). This is very much appreciated. But if I make a template in a defined format and perform the character escaping in that context, but the page is eventually rendered in a different format, won't this risk generating dangerous output?
Example: http://symfony.com/it/doc/current/book/index.html?_format=json
Is there a danger of unintentionally creating a resource that may contain hazardous or unexpected output? Is this intentional? Why?
respond_to is a method on the superclass ActionController. It takes a block, which is like a delegate. The block is from do until end, with |format| as an argument to the block. respond_to executes your block, passing a Responder into the format argument.
render :json essentially calls to_json and returns the result to the browser with the correct headers. This is useful for AJAX calls in JavaScript where you want to return JavaScript objects to use. Additionally, you can use the callback option to specify the name of the callback you would like to call via JSONP.
A respond_to shortcut works the same way as writing the full respond_to block in index. It's a short way to tell Rails about all the formats your action knows about. And if different actions support different formats, this is a good way to handle those differences without much code.
Rails has built-in support for converting objects to JSON and rendering that JSON back to the browser: render json: @product. You don't need to call to_json on the object that you want to render. If you use the :json option, render will automatically call to_json for you.
In the case of the official Symfony2 documentation, I think it is intentional. But if you make a template in a defined format and perform the character escaping in that context, then you can enforce the allowed request formats as follows:
article_show:
    pattern:  /articles/{culture}/{year}/{title}.{_format}
    defaults: { _controller: AcmeDemoBundle:Article:show, _format: html }
    requirements:
        culture:  en|fr
        _format:  html|rss
        year:     \d+
This example highlights the special _format routing parameter. When using this parameter, the matched value becomes the "request format" of the Request object. Ultimately, the request format is used for such things as setting the Content-Type of the response (e.g. a json request format translates into a Content-Type of application/json). It can also be used in the controller to render a different template for each value of _format. The _format parameter is a very powerful way to render the same content in different formats.
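Added example (not part of the original answer and not Symfony's own code): a framework-free PHP sketch of what the _format: html|rss requirement achieves. The Content-Type and the escaping are both derived from one validated format, and any other format gets a 404 instead of an HTML-escaped template served under a different type. The names ALLOWED_FORMATS, resolveFormat, escapeFor and respond are hypothetical, and the sample title is constructed.

```php
<?php
// Added example, not Symfony code. ALLOWED_FORMATS mirrors the route's
// `_format: html|rss` requirement; all function names are hypothetical.
const ALLOWED_FORMATS = [
    'html' => 'text/html; charset=UTF-8',
    'rss'  => 'application/rss+xml; charset=UTF-8',
];

// Return the validated format, or null when it is outside the whitelist.
function resolveFormat(?string $requested): ?string
{
    $format = $requested ?? 'html';            // same default as the route
    return array_key_exists($format, ALLOWED_FORMATS) ? $format : null;
}

// Escape for the output context of the already validated format.
function escapeFor(string $format, string $value): string
{
    $flags = ($format === 'rss') ? (ENT_XML1 | ENT_QUOTES) : (ENT_HTML5 | ENT_QUOTES);
    return htmlspecialchars($value, $flags | ENT_SUBSTITUTE, 'UTF-8');
}

// Build [status, Content-Type, body]; unknown formats never reach a template.
function respond(?string $requestedFormat, string $title): array
{
    $format = resolveFormat($requestedFormat);
    if ($format === null) {
        return [404, 'text/plain; charset=UTF-8', 'Not Found'];
    }
    $safe = escapeFor($format, $title);
    $body = ($format === 'rss')
        ? "<rss version=\"2.0\"><channel><title>$safe</title></channel></rss>"
        : "<h1>$safe</h1>";
    return [200, ALLOWED_FORMATS[$format], $body];
}

// Constructed sample input, requested with no format, two allowed formats
// and one format the route does not list.
$title = 'Tom & "Jerry" <1>';
foreach ([null, 'html', 'rss', 'json'] as $requested) {
    [$status, $type, $body] = respond($requested, $title);
    printf("%-6s -> %d %s\n          %s\n", $requested ?? '(none)', $status, $type, $body);
}
```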