Is there any reason for storing an <img> like in the below json object instead of just storing the img’s URL?
{
image_code: "<img src='https://s3.amazonaws.com/p.image.slated.com/film/26/82/164978/1_small.jpg?get=1438695599' alt='The War on Women' class='filmIcon' data-tracked='False' data-id='20/164978' />",
description: "Part investigative journalism, part documentary storytelling, we explore the issue of violence toward women through personal stories from survivors, offenders and advocates.",
link_code: "<a href='/films/164978/'>The War on Women</a>",
value: "The War on Women",
},
It forces you to inject/sanitize html which is a pain in the ass and opens up the (vastly over-sensationalized) risk of some kind of injection attack if you don’t sanitize well.
This seems to be an antipattern. Where did you see this used? I would always just store the URL. In the days of shitty computing power, it might have made sense to store pre-rendered data. If most of your clients are running Windows 98, you might wanna save their computer a hard day’s work.
A good rule of thumb in data storage is to store the most reduced representation of your data. Since rendering a URL in a browser is a matter of, well, rendering, you shouldn’t be storing the markup in your database. I’m sure many people do this though. I guess it’s a matter of taste.
As @streemo stated this is a definite anti-pattern. Also I don’t think I would call the security hold this could potentially open up vastly over sensationalized. XSS attacks very serious can could lead to not only access to your users accounts, but their accounts on other sites.