Activity Stream #79
base: master
…ckets and users. WIP. See comments in bounty bucketsio#82.
type = escapeExpression resource.type | ||
name = escapeExpression resource.name | ||
email = escapeExpression resource.email | ||
bucketSlug = escapeExpression resource.bucket?.slug |
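Review bot: on the bucketSlug line, resource.bucket?.slug is undefined for a resource that has no bucket, so the markup built from these values should skip the bucket link in that case rather than interpolate an empty slug. If bucketSlug is placed in a URL path, escapeExpression only HTML-escapes it; run it through encodeURIComponent first and then escape the result.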
Is all the escaping necessary? Since we're supplying the resource ourselves, and it goes through SafeString below-
I didn't like what I was doing here (or what I had to do here) either. In general I was hoping to have some link and url helpers available to do something like: link_to admin_user_path user. More on that in response to your other comment.
Regarding the escaping and using SafeString, I understood that because I'm using SafeString, I need to do the escaping (since SafeString expects a safe string).
See the link helper example on http://handlebarsjs.com/, where it says:
Handlebars will not escape a Handlebars.SafeString. If you write a helper that generates its own HTML, you will usually want to return a new Handlebars.SafeString(result). In such a circumstance, you will want to manually escape parameters.
Yep, sorry, you're right. In that case, though, let's just escape name since I think it's the only one susceptible to invalid user input-
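The SafeString behaviour quoted from the Handlebars documentation in this thread, as an added example (not code from this pull request): `escapeExpression`, `SafeString` and `emit` below are simplified stand-ins written so the block runs without the library, and the helper names, markup and sample resource are hypothetical.

```javascript
// Simplified stand-ins for Handlebars.Utils.escapeExpression and
// Handlebars.SafeString (assumption: not the library's own code).
const ESC = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;', '`': '&#x60;' };

function escapeExpression(value) {
  if (value == null) return '';                    // missing field -> empty string
  return String(value).replace(/[&<>"'`]/g, (ch) => ESC[ch]);
}

class SafeString {
  constructor(html) { this.html = html; }
  toString() { return this.html; }
}

// What a template engine does with a helper's return value:
// a SafeString is emitted verbatim, anything else is escaped.
function emit(result) {
  return result instanceof SafeString ? result.toString() : escapeExpression(result);
}

// Hypothetical helper that escapes only `name` before wrapping in SafeString.
function linkNameOnly(resource) {
  const name = escapeExpression(resource.name);
  const slug = resource.bucket ? resource.bucket.slug : '';
  return new SafeString(`<a href="/${slug}" title="${resource.email}">${name}</a>`);
}

// Hypothetical helper that escapes every value it interpolates.
function linkAllEscaped(resource) {
  const name = escapeExpression(resource.name);
  const email = escapeExpression(resource.email);
  const slug = escapeExpression(resource.bucket ? resource.bucket.slug : undefined);
  return new SafeString(`<a href="/${slug}" title="${email}">${name}</a>`);
}

// Constructed sample resource; the quote in `email` and the tags in `name`
// stand for any field content that contains markup characters.
const sample = { name: 'Ann <b>& co</b>', email: 'a"b@example.com', bucket: { slug: 'my-bucket' } };

console.log(emit(linkNameOnly(sample)));   // title attribute is closed early by the raw quote
console.log(emit(linkAllEscaped(sample))); // every field arrives as text
```

Because the engine trusts a SafeString completely, the helper is the only place where each interpolated field can be escaped.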
…s to run through while we figure out Activity design.
…me. Time to get a new machine?
…ions instead of using a home grown polymorphic'ish ref system as discussed in bounty bucketsio#82.
* Re-implement tests * User logger in Activity model
Continue Activities works
Conflicts: server/models/activity.coffee
Merged the refs version into this one and adjusted the tests. There are still some more pending tests to be implemented which I may get to in the next days.
Branch for activity stream commits. Still WIP. Will post comments in https://assembly.com/buckets/bounties/82 to keep it all in one thread.