1

I recently embarked on a highly interactive html5 application using d3.js and svg.

Though currently running entirely in the browser, I've taken care to separate code used to generate the svg structures from that manipulating them.

To protect at least the svg generation logic (by far the greater effort), I'm toying with the idea of it's server-side generation using node.js, somehow "clipping" the resulting DOM or SVG structure, passing this to the browser and effectively "grafting" it onto (respectively) the local DOM or a prepared html div. The goals:

  1. none of the original "svg-generating" javascript would be transferred
  2. any resulting structure should ultimately be addressable using d3's select() or selectAll() calls

I have no node.js and only vague html5 DOM knowledge. My questions:

  • Is transfer of part of a raw DOM or SVG structure to the browser feasible, and how?
  • If both possible, which would you recommend
  • Are there specific security issues I should be aware of

I realise this is a potentially complex issue, welcome partial answers and relevant leads (books, tuturials, examples).

Though I searched intensively before posting this question, I missed Accessing a DOM object defined in an external SVG file. Looks promising, but given the size and complexity of the structures I need to transfer, I'd welcome further comment.

Thanks

Community
  • 1
  • 1
user1019696
  • 453
  • 1
  • 5
  • 15
  • Why protect logic, it's a waste of time. – Raynos Dec 12 '11 at 14:08
  • Here's why. The logic in question generates a hierarchy comprising thousands of svg objects. I'm aware the accepted wisdom, am enthusiastic as the next about open source, but also unemployed and over 55. The more difficult I make a plagiarist's life, the better the chances my family don't go hungry, and WTH, the time wasted is only my own, right? Let's both hope that I can bring it to a point where I too can relax on this. – user1019696 Dec 12 '11 at 15:00
  • Why do you think this would be any different to regular [Ajax](http://en.wikipedia.org/wiki/Ajax_%28programming%29)? – robertc Dec 12 '11 at 15:21
  • @user1019696 I didn't say make it open source. What I meant to say was think carefully about whether you favor "user experience" or "code protection". If the code belongs on a server, put it there. If it belongs on the client, put it there. Deal with code theft like everyone else does, through legal avenues. – Raynos Dec 12 '11 at 15:59

1 Answers1

2

  1. Is transfer of part of a raw DOM or SVG structure to the browser feasible, and how?

    Yes, it is possible. Simply transfer any particular sub-node/tree of the SVG as its own XML document.

  2. If both possible, which would you recommend

    HTTP communication is all strings, so you can't pass 'DOM' objects over the network. All you can pass are the serialized versions (the raw SVG XML).

  3. Are there specific security issues I should be aware of

    None that I can think of. This seems like standard server-side generation of content. What sort of issues were you thinking about? You're not going to execute raw code sent in the HTTP request on your server, are you?

Community
  • 1
  • 1
Phrogz
  • 296,393
  • 112
  • 651
  • 745
  • Thanks, Phrogz, no: there is not raw code being sent. My concerns related more to (the possibility of) DOM-clipping transfer. – user1019696 Dec 12 '11 at 13:56