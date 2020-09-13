Concatenation in Javascript Demystifying various method in strings and inserting HTML code

I often get confused when passing HTML in JS variables/objects.

If I start with a relevant example:

var message = data.name.first+' '+data.name.last ;

My Point of confusion:

Are we interchangeably using the + sign?

In the above example I tried to add an image:

var message = data.name.first+''+data.name.last + '<br><img src="+data.picture.large+" alt="">';

But this actually didn’t work.

I also have seen a few code writers using {} brackets to do the same. Can we also discuss that

Can we discuss this, the best practice and usage of " ", '', + sign when to use how to insert strings and how to insert HTML code?

Well to get started, you were missing just a couple of opening and closing quotes around '<br><img src=" and " alt="">'.

It should be '<br><img src="'+data.picture.large+'" alt="">'

So a simple test, we could try something like this

<!DOCTYPE html>
<html lang='en'>
<head>
  <meta charset='UTF-8'>
  <meta name='viewport' content='width=device-width, initial-scale=1.0'>
  <title>Document</title>
</head>
<body>
  <div class='content'></div>
<script>
  document.addEventListener('DOMContentLoaded', function(event) {
    const content = document.querySelector('.content')
    const data = {
      name: {
        first: 'John',
        last: 'Smith'
      },
      picture: {
        large: 'url of image here'
      }
    }

    content.innerHTML = data.name.first+''+data.name.last + '<br><img src="'+data.picture.large+'" alt="">'
  })
</script>
</body>
</html>

There are security issues with using innerHTML in that it should never be used in conjunction with user input, as there is the risk of malicious code injection.

Another option using a template string, which is a lot clearer.

  document.addEventListener('DOMContentLoaded', function(event) {
    const content = document.querySelector('.content')
    const data = {
      name: {
        first: 'John',
        last: 'Smith'
      },
      picture: {
        large: 'url of image here'
      }
    }

    const { name, picture } = data // a bit of destructuring here so we can lose the need for data.

    // template string e.g. `${variable}`
    content.innerHTML = `${name.first} ${name.last} <br><img src="${picture.large}" alt="">`
  })

A more efficient solution instead of innerHTML is insertAdjacentHTML
MDN - insertAdjacentHTML

e.g.

content.insertAdjacentHTML('afterbegin', `${name.first} ${name.last} <br><img src="${picture.large}" alt="">`)

Worthy of note from the MDN page

When inserting HTML into a page by using insertAdjacentHTML() , be careful not to use user input that hasn’t been escaped.

It is not recommended you use insertAdjacentHTML() when inserting plain text; instead, use the Node.textContent property or the Element.insertAdjacentText() method. This doesn’t interpret the passed content as HTML, but instead inserts it as raw text.

Another more verbose approach using documentFragment

    const fragment = new DocumentFragment()
    const fullname = document.createTextNode(`${name.first} ${name.last}`)
    const linebreak = document.createElement('br')
    const img = document.createElement('img')
    
    img.src = `${picture.large}`
    img.alt = 'large picture'

    fragment.appendChild(fullname)
    fragment.appendChild(linebreak)
    fragment.appendChild(img)
    content.appendChild(fragment)
