FYI, it’s not necessary to compile the whole SDK unless your current build is old. You can compile a single SWC at a time.
> On Oct 18, 2022, at 11:51 PM, Hugo Ferreira <hferreira...@gmail.com> wrote: > > Yes, it's exactly what I'm doing right now. > Compiling the SDK on my machine takes the time to dinner and even so, > probably it's not finished yet ! > I hope next year, I update my MacBook :) > > Harbs <harbs.li...@gmail.com> escreveu no dia terça, 18/10/2022 à(s) 21:38: > >> Let’s see what others think, but in the meantime there’s no reason to not >> fix the bug. There are other html setters which already set innerHTML. >> >> Harbs >> >>> On Oct 18, 2022, at 11:29 PM, Hugo Ferreira <hferreira...@gmail.com> >> wrote: >>> >>> Yes, I saw that helper (I searched for it name) :) >>> Yes, it's exactly what I mean: put this in one of the limites of the >>> workflow and never in the middle. >>> That's my opinion. >>> >>> >>> >>> Harbs <harbs.li...@gmail.com> escreveu no dia terça, 18/10/2022 à(s) >> 08:06: >>> >>>> There’s a sanitizeHTML helper function that’s relatively new. >>>> >>>> I don’t have a strong opinion on whether it should be sanitized by >> default >>>> or that should be the application developer’s responsibility. >>>> >>>> As far as PAYG is concerned, it’s better to put the responsibility on >> the >>>> app developer. >>>> >>>> As far as security is concerned, it would be better to sanitize in the >>>> framework. >>>> >>>> I personally would give precedence to PAYG because the threat of a XSS >>>> attack using innerHTML is a bit of a stretch in Royale. >>>> >>>> We should come up with a policy, document it, and stick to it across the >>>> framework. >>>> >>>> If we do sanitize in the components, it should probably happen in the >>>> model setter. >>>> >>>> What do others think? >>>> >>>>> On Oct 18, 2022, at 2:32 AM, Hugo Ferreira <hferreira...@gmail.com> >>>> wrote: >>>>> >>>>> Thank you very much. >>>>> I see the bug. >>>>> I hope that the Label (html property) that FormHeading that depends on, >>>>> doesn't have the same issue :) >>>>> >>>>> About the sanitize: >>>>> Should this be really a reponsibility of FormHeadingView !? >>>>> Shouldn't the responsibility on one of the edges (the limit of html >>>>> property core or on the end application) ? >>>>> In the middle, we could ending "sanitizing" too much just to be ensure. >>>>> >>>>> >>>>> >>>>> Harbs <harbs.li...@gmail.com> escreveu no dia segunda, 17/10/2022 à(s) >>>>> 19:25: >>>>> >>>>>> I assume this is Jewel. I don’t use Jewel, but I just looked at >>>>>> FormHeadingView and textChangeHandler is used for both textChange and >>>>>> htmlChange. In both cases it sets the text rather than html in the >>>>>> htmlChange case. That seems to be broken. >>>>>> >>>>>> If you fix this, make sure the html is sanitized when applied. >>>>>> >>>>>> Harbs >>>>>> >>>>>>> On Oct 16, 2022, at 5:17 PM, Hugo Ferreira <hferreira...@gmail.com> >>>>>> wrote: >>>>>>> >>>>>>> Hi, >>>>>>> >>>>>>> I'm using FormHeading when I have a lot of fields and want to create >> a >>>>>>> vertical separation (group of data). >>>>>>> It's OK, however I needed now to use in the FormHeading texto some >> HTML >>>>>>> (basic stuff like strong and br), however the property "text" of >>>>>>> FormHeading it's for simple real strings and not HTML. >>>>>>> I saw the html property, however this property does nothing. >>>>>>> It's something that it's not already implemented in the core or I'm >>>>>> missing >>>>>>> something ? >>>>>>> >>>>>>> I saw tht I can workaround, using a pure html:Div with innerHTML but >> I >>>>>> have >>>>>>> read in the past that I should avoid it. >>>>>> >>>>>> >>>> >>>> >> >>
