| Thanks for asking, James. Many Rails apps get/create/update database data on the Javascript side. Sometimes it is done using some kind of framework (Ember, Angular). This is for the times you don't use a full fledged framework - think React or something similar. Its benefit is that you don't have to set up routes, parsing/encoding for the data you send. It lets you securely choose which parts of the model you want the Javascript to edit (permitted_columns). It also works with Active Model Serializers (f.e. UserSerializer) - it lets you specify which attributes to send to the client. It is as secure as you would do it yourself. If possible, please hack the databound.me website and help me fix the holes if there are any. Thanks! |