-
Notifications
You must be signed in to change notification settings - Fork 165
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Clean up OdtDocument cursor position tests #783
Conversation
Build succeeded. |
@@ -569,7 +569,7 @@ core.UnitTester = function UnitTester() { | |||
**/ | |||
function link(text, code) { | |||
return "<span style='color:blue;cursor:pointer' onclick='" + code + "'>" | |||
+ text + "</span>"; | |||
+ text.replace(/</g, "<") + "</span>"; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I propose to instead add a generic encodeForHTML
(or better named) method which encodes <
, >
and &
and to use it in all places where text is added to the HTML output.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hrm. Where else are you proposing this encode function being used?
I actually would like to never see such a thing in production code, as the somewhat uncontrolled string concatenation happening here seems like very bad practice to me.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hrm. Where else are you proposing this encode function being used?
Now that I tried to list them, there might be only that one other place in core.UnitTester
which I saw initially, https://github.com/kogmbh/WebODF/blob/master/webodf/lib/core/UnitTester.js#L635 Somehow I expected more :)
This also made me look at BrowserRuntime.log
where I learned that any log messages which start with <
are set to innerHTML (thus need to be encoded) while all others are just passed into a new text node, so do not need encoding, okay. So still leaves the encoding problem with those inBrowser
-special logging with custom spans, where the caller has to make sure things are properly encoded.
And I also learned from e.g. http://shebang.brandonmintern.com/foolproof-html-escaping-in-javascript/ that encoding is best left to the browser, e.g. by
function escapeHtml(str) {
var div = document.createElement('div');
div.appendChild(document.createTextNode(str));
return div.innerHTML;
};
Hm. So what to do here without going over-board. Just the proposed fix still seems to be too hacky and done on case-by-case.
Oh well. Without a better idea, please just add a comment to it that this is an unclean fix to a certain problem.
And while talking, in line 637 it should be test.description()
, not test.description
, or? Please give that a patch as well.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Brandon and I share the same opinion about the best way to do escape.
I don't mind leaving this as a nasty hack for the simple reason that if it looks like a bad hack, no-one will be tempted to copy it out of the file 🎌. Or... if they do, it should become extremely obvious to the reviewer that this code was never meant to make it into production!
But, I will happily comment the line to reinforce this!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Still slightly confused why only <
is cared for and not also >
(and perhaps &
for a possible test name char)? Because browsers can do proper error resolving with those other entities (no <
before -> show <
as char, no entity name after &
-> show as char)?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
For most browser display purposes, escaping the open-tag is sufficient to ensure the code isn't parsed as HTML. Escaping the ampersand isn't necessary with the test names I'm using so far, but it would make sense for future-proofing.
However, as discussed on the ML, I want to throw away all this code and replace it with jasmine anyway. As a result, I don't feel it's a good investment to do any real future-proofing on this part of the code.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Mh, okay. I would have made the escaping catch here a bit more broad given that examples show some non-[azAZ] chars to expect, but if you think this will soon be replaced and until then should just be hacked on case-by-case, well, there are more important things to discuss about :)
So please go with this and rebase and merge 🐹
For the rest looks good to me and more useful indeed. |
347f9c4
to
f6a7602
Compare
Build succeeded. |
5b489d9
to
c91ba66
Compare
Build succeeded. |
Build succeeded. |
c91ba66
to
282c53c
Compare
Build succeeded. |
282c53c
to
5783bc3
Compare
Build succeeded. |
5783bc3
to
fce32ec
Compare
Build succeeded. |
fce32ec
to
416e0e5
Compare
Build succeeded. |
416e0e5
to
294542b
Compare
Build succeeded. |
Thanks for reviewing! |
Clean up OdtDocument cursor position tests
Make OdtDocument cursor position tests more granular in how they are reported. This makes it easier to troubleshoot individual failing tests as the individual test is more specific.