Hi Sudharma, Hemika,

I have started documenting these practices [1]. Please point me to any problem areas and your personal findings that you think are important, so I can add them to the doc.
[1] https://docs.wso2.com/display/UUF100/Code+Review

On Wed, Jun 15, 2016 at 11:01 AM, Manuranga Perera <[email protected]> wrote:

> Hi Sudharma,
> In your case, please try to make a view-model, and actually render the
> view-model using HBS the normal way.
>
> function onRequest(){
>     var myForm = ...; // eg: [{"name": "string"}, {"id": "number" }]
>     ...
>
>     return toViewModel(myForm);
> }
>
> function toViewModel(formModel){
>     var viewModel = {element: []};
>     for (var key in formModel) {
>         if(...){
>             ...
>             viewModel.element.push(...)
>         }
>     }
>     // eg: {"element": [{"isInput": true, "id": "name",
>     //      "label": "Name", "type": "text"}, ...]}
>     return viewModel;
> }
>
> <form>
>     {{#each element}}
>         {{#if isInput}}
>             <label for="{{id}}">{{label}}</label>
>             <input type="{{type}}" id="{{id}}">
>         {{/if}}
>         {{#if isTextAria}}
>             ...
>         {{/if}}
>         ...
>     {{/each}}
> </form>
>
> Hi Sajith,Rasika,
>
> We may need to "bake-in" the idea of a view-model to the framework.
>
> On Mon, Jun 13, 2016 at 7:24 AM, Sudharma Subasinghe <[email protected]>
> wrote:
>
>> There was a case to generate dynamic form using string such as
>> "<div>.....</div>" and I had to use {{{ }}} to generate the form
>> dynamically.
>>
>> Hence need a function to resolve this also.
>>
>> On Fri, Jun 10, 2016 at 9:07 PM, Ayoma Wijethunga <[email protected]> wrote:
>>
>>> +1 for not using "{{{".
>>>
>>> We will further check on adding such patterns ("{{{ * }}}") in planned
>>> Jenkins based automated security scans (static code analysis).
>>>
>>> On Fri, Jun 10, 2016 at 8:47 PM, SajithAR Ariyarathna <[email protected]> wrote:
>>>
>>>> +1 for abandoning "{{{"
>>>>
>>>> toClent("fromBackend.protocols", protocols);
>>>>
>>>> We can implement this in the next milestone.
>>>>
>>>> On Fri, Jun 10, 2016 at 8:12 PM, Manuranga Perera <[email protected]>
>>>> wrote:
>>>>
>>>>> These are mistakes we have already made in our old systems, let's not
>>>>> repeat them
>>>>>
>>>>> 1) Please DO NOT use "{{{", it introduces SECURITY VULNERABILITIES,
>>>>> Sajith,Rasika we need to introduce a new function. Don't even tell
>>>>> people about "{{{"
>>>>> in backend JS, Hemika should be able to do the following
>>>>>
>>>>> toClent("fromBackend.protocols", protocols);
>>>>>
>>>>> and in frontend, he should be able to just
>>>>> console.log(fromBackend.protocols) and see the json
>>>>> Given the cost of this kind of vulnerabilities, I don't think we
>>>>> should even do this as a temp solution. We should safe stringify before
>>>>> sending, view source of gmail and search "var GLOBALS" and you see
>>>>> how safe json stringify works. ALL non-alpha-numeric has to be encoded
>>>>> with \x. Not just " but things like < , which are normally considered
>>>>> safe in json, have to be encoded [1].
>>>>>
>>>>> 2) We shouldn't be manually iterating to convert to JSON. This just adds
>>>>> unnecessary boilerplate work dev has to do. If we implement (1) we don't
>>>>> need this for now. So we can discuss this later. But also see [2]
>>>>>
>>>>> [1] see "JavaScript Encoding" in
>>>>> https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#Output_Encoding_Rules_Summary
>>>>> [2]
>>>>> http://mail.openjdk.java.net/pipermail/nashorn-dev/2013-September/002013.html
>>>>>
>>>>> On Fri, Jun 10, 2016 at 4:46 AM, Hemika Kodikara <[email protected]>
>>>>> wrote:
>>>>>
>>>>>> Also please note that I used JSON.stringify method in server side js.
>>>>>>
>>>>>> Hemika Kodikara
>>>>>> Software Engineer
>>>>>> WSO2 Inc.
>>>>>> lean . enterprise . middleware
>>>>>> http://wso2.com
>>>>>>
>>>>>> Mobile : +94777688882
>>>>>>
>>>>>> On Fri, Jun 10, 2016 at 2:13 PM, Hemika Kodikara <[email protected]>
>>>>>> wrote:
>>>>>>
>>>>>>> Thanks Rasika for the solution.
>>>>>>>
>>>>>>> In the client side JS, have the following code :
>>>>>>>
>>>>>>> <script type="text/javascript">
>>>>>>>     var protocols = *{{{protocols}}}*;
>>>>>>>     $.each(protocols, function(index, value) {
>>>>>>>         $('#queue-subscription-protocols').append($('<option>').text(value).attr('value', index));
>>>>>>>     });
>>>>>>> </script>
>>>>>>>
>>>>>>> Have to use 3 curly braces.
>>>>>>>
>>>>>>> Regards,
>>>>>>> Hemika
>>>>>>>
>>>>>>> Hemika Kodikara
>>>>>>> Software Engineer
>>>>>>> WSO2 Inc.
>>>>>>> lean . enterprise . middleware
>>>>>>> http://wso2.com
>>>>>>>
>>>>>>> Mobile : +94777688882
>>>>>>>
>>>>>>> On Fri, Jun 10, 2016 at 2:00 PM, Hemika Kodikara <[email protected]>
>>>>>>> wrote:
>>>>>>>
>>>>>>>> Hi Milinda,
>>>>>>>>
>>>>>>>> It is not a string array, it's actually java objects that are there.
>>>>>>>>
>>>>>>>> Hi Sajith,
>>>>>>>>
>>>>>>>> I modified the nashorn script as following :
>>>>>>>>
>>>>>>>> var onRequest = function (context) {
>>>>>>>>     var protocols = callOSGiService("org.wso2.andes.kernel.Andes",
>>>>>>>>         "getSupportedProtocols", []);
>>>>>>>>     var protocolStrings = [];
>>>>>>>>     for each (var item in protocols) {
>>>>>>>>         protocolStrings.push(item.toString());
>>>>>>>>     }
>>>>>>>>
>>>>>>>>     // var protocolsJson = JSON.stringify(protocolStrings);
>>>>>>>>     return {"protocols" : protocolStrings};
>>>>>>>> };
>>>>>>>>
>>>>>>>> I am assigning the "protocols" json value to a javascript variable
>>>>>>>> in the client-side as following :
>>>>>>>>
>>>>>>>> var protocols = *{{protocols}}*;
>>>>>>>> $.each(protocols, function(index, value) {
>>>>>>>>     $('#queue-subscription-protocols').append($('<option>').text(value).attr('value', index));
>>>>>>>> });
>>>>>>>>
>>>>>>>> But I am getting the following errors when rendered the page(client
>>>>>>>> side js) :
>>>>>>>>
>>>>>>>> var protocols = [object Array]; <-- Syntax error
>>>>>>>>
>>>>>>>> When I use JSON.stringify in server side js, I get the following
>>>>>>>> output :
>>>>>>>>
>>>>>>>> var protocols = ["AMQP-0-10","MQTT-default","AMQP-0-91","AMQP-8-0","AMQP-0-9"]; <-- Unexpected token &
>>>>>>>>
>>>>>>>> Any Idea ?
>>>>>>>>
>>>>>>>> Regards,
>>>>>>>> Hemika
>>>>>>>>
>>>>>>>> Hemika Kodikara
>>>>>>>> Software Engineer
>>>>>>>> WSO2 Inc.
>>>>>>>> lean . enterprise . middleware
>>>>>>>> http://wso2.com
>>>>>>>>
>>>>>>>> Mobile : +94777688882
>>>>>>>>
>>>>>>>> On Fri, Jun 10, 2016 at 12:51 PM, Milinda Perera <[email protected]> wrote:
>>>>>>>>
>>>>>>>>> Hi Hemika,
>>>>>>>>>
>>>>>>>>> If AMQP-0-10, MQTT-default, AMQP-0-91, AMQP-8-0, AMQP-0-9 are
>>>>>>>>> strings, following should work
>>>>>>>>>
>>>>>>>>> JSON.parse("[\"AMQP-0-10\", \"MQTT-default\", \"AMQP-0-91\", \"AMQP-8-0\", \"AMQP-0-9\"]")
>>>>>>>>>
>>>>>>>>> According to [1] within array " A *value* can be a *string* in
>>>>>>>>> double quotes, or a *number*, or true or false or null, or an
>>>>>>>>> *object* or an *array*. These structures can be nested."
>>>>>>>>>
>>>>>>>>> [1] http://www.json.org/
>>>>>>>>>
>>>>>>>>> Thanks,
>>>>>>>>> Mili
>>>>>>>>>
>>>>>>>>> On Fri, Jun 10, 2016 at 12:33 PM, Hemika Kodikara <[email protected]> wrote:
>>>>>>>>>
>>>>>>>>>> Hi All,
>>>>>>>>>>
>>>>>>>>>> I am invoking the callOSGiService method in nashorn to get a list
>>>>>>>>>> of protocols that's in andes of MB.
>>>>>>>>>>
>>>>>>>>>> I am getting the following output after invoking the
>>>>>>>>>> callOSGiService :
>>>>>>>>>> [AMQP-0-10, MQTT-default, AMQP-0-91, AMQP-8-0, AMQP-0-9]
>>>>>>>>>>
>>>>>>>>>> But need to convert it into a javascript array(Probably a String
>>>>>>>>>> array). Need to bind it to a dropdown(select element).
>>>>>>>>>>
>>>>>>>>>> I tried JSON.parse, but getting the following errors :
>>>>>>>>>>
>>>>>>>>>> jjs> JSON.parse("[AMQP-0-10, MQTT-default, AMQP-0-91, AMQP-8-0, AMQP-0-9]");
>>>>>>>>>> <shell>:1 SyntaxError: Invalid JSON: <json>:1:1 Expected json literal but found ident
>>>>>>>>>> [AMQP-0-10, MQTT-default, AMQP-0-91, AMQP-8-0, AMQP-0-9]
>>>>>>>>>> ^
>>>>>>>>>>
>>>>>>>>>> jjs> JSON.parse([AMQP-0-10, MQTT-default, AMQP-0-91, AMQP-8-0, AMQP-0-9]);
>>>>>>>>>> ECMAScript Exception: SyntaxError: <shell>:1:28 Expected an operand but found default
>>>>>>>>>> JSON.parse([AMQP-0-10, MQTT-default, AMQP-0-91, AMQP-8-0, AMQP-0-9]);
>>>>>>>>>> ^
>>>>>>>>>>
>>>>>>>>>> My OSGi method returns a Set<ProtocolType>.
>>>>>>>>>>
>>>>>>>>>> How can I achieve this ?
>>>>>>>>>>
>>>>>>>>>> Regards,
>>>>>>>>>> Hemika
>>>>>>>>>>
>>>>>>>>>> Hemika Kodikara
>>>>>>>>>> Software Engineer
>>>>>>>>>> WSO2 Inc.
>>>>>>>>>> lean . enterprise . middleware
>>>>>>>>>> http://wso2.com
>>>>>>>>>>
>>>>>>>>>> Mobile : +94777688882
>>>>>>>>>>
>>>>>>>>>> _______________________________________________
>>>>>>>>>> Dev mailing list
>>>>>>>>>> [email protected]
>>>>>>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> Milinda Perera
>>>>>>>>> Software Engineer;
>>>>>>>>> WSO2 Inc. http://wso2.com ,
>>>>>>>>> Mobile: (+94) 714 115 032
>>>>>>>>>
>>>>>
>>>>> --
>>>>> With regards,
>>>>> *Manu*ranga Perera.
>>>>>
>>>>> phone : 071 7 70 20 50
>>>>> mail : [email protected]
>>>>
>>>> --
>>>> Sajith Janaprasad Ariyarathna
>>>> Software Engineer; WSO2, Inc.; http://wso2.com/
>>>
>>> --
>>> Ayoma Wijethunga
>>> Software Engineer
>>> Platform Security Team
>>> WSO2, Inc.; http://wso2.com
>>> lean.enterprise.middleware
>>>
>>> Mobile : +94 (0) 719428123
>>> Blog : http://www.ayomaonline.com
>>> LinkedIn: https://www.linkedin.com/in/ayoma
>>>
>>> _______________________________________________
>>> Dev mailing list
>>> [email protected]
>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>
>> --
>> Sudharma Subasinghe,
>> Software Engineer,
>> WSO2 Inc.
>> Email: [email protected]
>> Mobile : +94 710 565 157
>
> --
> With regards,
> *Manu*ranga Perera.
>
> phone : 071 7 70 20 50
> mail : [email protected]

--
With regards,
*Manu*ranga Perera.

phone : 071 7 70 20 50
mail : [email protected]
_______________________________________________
Dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/dev
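
The "safe stringify" asked for in the 10 June message of this thread (every non-alphanumeric character written as a `\x` escape before the value is placed in an inline script), sketched as an added example; it is not code from the thread or from UUF. The names `encodeJsString`, `toScriptLiteral` and `renderInline` and the hostile sample entry are constructed for illustration.

```javascript
// Encode one string as a JS string literal: every character outside
// [A-Za-z0-9] becomes \xHH (or \uHHHH above 0xFF), per the OWASP rule cited.
function encodeJsString(s) {
  let out = '"';
  for (let i = 0; i < s.length; i++) {
    const code = s.charCodeAt(i);
    if (/[A-Za-z0-9]/.test(s[i])) {
      out += s[i];
    } else if (code < 0x100) {
      out += '\\x' + code.toString(16).padStart(2, '0');
    } else {
      out += '\\u' + code.toString(16).padStart(4, '0');
    }
  }
  return out + '"';
}

// Serialize JSON-compatible data as a JavaScript expression for an inline
// <script>. Keys are emitted as computed keys so "__proto__" stays plain data.
function toScriptLiteral(value) {
  if (value === null || value === undefined) return 'null';
  switch (typeof value) {
    case 'string':
      return encodeJsString(value);
    case 'number':
      return Number.isFinite(value) ? String(value) : 'null';
    case 'boolean':
      return String(value);
    case 'object':
      if (Array.isArray(value)) {
        return '[' + value.map(toScriptLiteral).join(',') + ']';
      }
      return '{' + Object.keys(value)
        .map((k) => '[' + encodeJsString(k) + ']:' + toScriptLiteral(value[k]))
        .join(',') + '}';
    default:
      throw new TypeError('cannot serialize ' + typeof value);
  }
}

// Hypothetical server-side helper; `name` is a fixed, developer-chosen identifier.
function renderInline(name, value) {
  return 'var ' + name + ' = ' + toScriptLiteral(value) + ';';
}

// Constructed sample: the thread's protocol list plus one hostile entry.
const sample = ['AMQP-0-10', 'MQTT-default', '</script><b title="x">&'];
console.log(renderInline('protocols', sample));
console.log(JSON.stringify(sample)); // naive form: "</script>" survives intact
```

The output is a JavaScript expression rather than JSON (`\x` is not a JSON escape), and it is meant for the script-block context only, not for HTML attribute values.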
