1

this is a complete noob question, but I am brand new to javascript and web development, so please bear with me :)

I have objects in a Parse class that I want to list on a website. I want to iterate through these objects and list them (I am in an html file).

Here is my code:

 <script>
Parse.initialize("XXXXXXX");

var Post = Parse.Object.extend("Post");

        function getPosts() {
            var query = new Parse.Query(Post);
            query.find({
                success: function(results){

                    var output = "";
                    for (var i in results) {
                        var title = results[i].get("activityTitle");
                        console.log("ok now");

                        output += "<div class=\"row container-post\">
                        <div class=\"col-md-4 col-sm-6\">
                            <div class=\"post-container\">
                                 <div class=\"post-content no-padding\">
                                        <img src=\"assets/image-portfolio-02.jpg\" alt=\"danish personal blog template\"></div>
                                <div class=\"post-content\">";

                        output += title;
                        output += "</div></div></div></div>";



                    }
                    $("#list-posts").html(output);
                }, error: function(error) {
                    console.log("Query Error:"+error.message);
                }

            });
        }

        getPosts();

    </script>
Improve this question
1
  • protip: don't use alert(...), use console.log(...) instead. Alert is process blocking, which you generally don't want. Use the dev tools, and look at the console: all console.log(...) calls will write data there. And not just strings, unlike alert the console.log function can take any input and properly show it. As secondary tip: modern HTML does not require you to say type="text/javascript" for a script element. That's 1998's HTML4.01, which we're no longer using =) Commented Nov 29, 2015 at 1:39

2 Answers 2

Reset to default
0

Once you have your results, literally start building your content. Say we have this on the HTML side:

<div class="results target"></div>

then we can do this on the JS side:

<script type="text/javascript">
Parse.initialize(...);

new Parse.Query(Post).find({
  success: function(results) {
    buildResultHTML(results);
  }
});

function buildResultHTML(data) {
  var container = document.querySelector("div.results.target");
  data.forEach(function(entry) {
    container.appendChild(buildHTMLRow(entry));
  });
}

function buildHTMLRow(data) {
  // there are a million ways to do this. Usually, you use a templating
  // library to make live easier. Let's roll one:
  var outer = document.createElement("div");
  var img = document.createElement("img");
  var url = data.imagelinkwhatever;
  // safety first: is this a real http:// or https:// link? If not, DON'T USE IT
  img.src = url.indexOf("http") === 0 ? url : "";
  var p = document.createElement("p");
  p.textContent = data.textwhatever; 
  // note: also NEVER use .innerHTML if your data can come from "not you".
  // It's an instant XSS exploit waiting to happen. See below.
  outer.appendChild(img);
  outer.appendChild(p);
  return outer;
}
</script>

But, as the code says: you typically want to use a templating library instead, so you don't have to worry about things like messy JS creation of DOM elements, user content security, etc.

And security is important: if that Parse result can give you something like this:

{
  imgurlwhatever: "javascript:alert('lol')",
  textwhatever: "<script>alert('lol');</script>"
}

then your page, if it uses blind img.src=... and p.innerHTML=..., will happily execute that JS. That sounds silly, but alert('lol') is a placeholder: if we can get that to run, we can also get things like "call another site's url using an XHR, with the content of document.cookies as url query parameters" and suddenly shit gets real(tm).

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

0

ok, I finally figured it out. Here is the code:

  <script>
Parse.initialize("XXXXXXXXXXXXXX");

var Post = Parse.Object.extend("Post");

        function getPosts() {
            var query = new Parse.Query(Post);
            query.find({
                success: function(results){

                    var output = "";
                    for (var i in results) {
                        var title = results[i].get("activityTitle");
                        console.log("ok now");

                        var img = ""
                        var file = results[i].get("Bild");
                        var url = file.url();
                        img = "<img src='"+url+"'>";


                        output += "<div class=\"container\">";
                        output += "<div class=\"row\">";
                        output += "<div class=\"col-md-4\">";
                        output += "<div class=\"post-container\">";
                        output += "<div class=\"post-content no-padding\">";
                        output += img;
                        output += "</div>";
                        output += "<div class=\"post-content\">";
                        output += title;
                        output += "</div";
                        output += "</div>";
                        output += "</div>";
                        output += "</div>";
                        output += "</div>";

                    }
                    $("#list-posts").html(output);
                }, error: function(error) {
                    console.log("Query Error:"+error.message);
                }

            });
        }

        getPosts();

    </script>

And just above the javascript code, in the HTML, I just put:

 <p id="list-posts">
</p>

This gets the objects from parse, and lists them out for me in the format I wanted. thanks for the suggestions though. For anyone else who may need help in the future with something like this, this video (and others by the author) really helped me: https://www.youtube.com/watch?v=_fxh825Bnpg&index=4&list=PLoN_ejT35AEhbFswEKW36LxzyXJs7xCWS

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.