Yes, it's exactly what I'm doing right now. Compiling the SDK on my machine takes the time to dinner and even so, probably it's not finished yet ! I hope next year, I update my MacBook :)
Harbs <harbs.li...@gmail.com> escreveu no dia terça, 18/10/2022 à(s) 21:38: > Let’s see what others think, but in the meantime there’s no reason to not > fix the bug. There are other html setters which already set innerHTML. > > Harbs > > > On Oct 18, 2022, at 11:29 PM, Hugo Ferreira <hferreira...@gmail.com> > wrote: > > > > Yes, I saw that helper (I searched for it name) :) > > Yes, it's exactly what I mean: put this in one of the limites of the > > workflow and never in the middle. > > That's my opinion. > > > > > > > > Harbs <harbs.li...@gmail.com> escreveu no dia terça, 18/10/2022 à(s) > 08:06: > > > >> There’s a sanitizeHTML helper function that’s relatively new. > >> > >> I don’t have a strong opinion on whether it should be sanitized by > default > >> or that should be the application developer’s responsibility. > >> > >> As far as PAYG is concerned, it’s better to put the responsibility on > the > >> app developer. > >> > >> As far as security is concerned, it would be better to sanitize in the > >> framework. > >> > >> I personally would give precedence to PAYG because the threat of a XSS > >> attack using innerHTML is a bit of a stretch in Royale. > >> > >> We should come up with a policy, document it, and stick to it across the > >> framework. > >> > >> If we do sanitize in the components, it should probably happen in the > >> model setter. > >> > >> What do others think? > >> > >>> On Oct 18, 2022, at 2:32 AM, Hugo Ferreira <hferreira...@gmail.com> > >> wrote: > >>> > >>> Thank you very much. > >>> I see the bug. > >>> I hope that the Label (html property) that FormHeading that depends on, > >>> doesn't have the same issue :) > >>> > >>> About the sanitize: > >>> Should this be really a reponsibility of FormHeadingView !? > >>> Shouldn't the responsibility on one of the edges (the limit of html > >>> property core or on the end application) ? > >>> In the middle, we could ending "sanitizing" too much just to be ensure. > >>> > >>> > >>> > >>> Harbs <harbs.li...@gmail.com> escreveu no dia segunda, 17/10/2022 à(s) > >>> 19:25: > >>> > >>>> I assume this is Jewel. I don’t use Jewel, but I just looked at > >>>> FormHeadingView and textChangeHandler is used for both textChange and > >>>> htmlChange. In both cases it sets the text rather than html in the > >>>> htmlChange case. That seems to be broken. > >>>> > >>>> If you fix this, make sure the html is sanitized when applied. > >>>> > >>>> Harbs > >>>> > >>>>> On Oct 16, 2022, at 5:17 PM, Hugo Ferreira <hferreira...@gmail.com> > >>>> wrote: > >>>>> > >>>>> Hi, > >>>>> > >>>>> I'm using FormHeading when I have a lot of fields and want to create > a > >>>>> vertical separation (group of data). > >>>>> It's OK, however I needed now to use in the FormHeading texto some > HTML > >>>>> (basic stuff like strong and br), however the property "text" of > >>>>> FormHeading it's for simple real strings and not HTML. > >>>>> I saw the html property, however this property does nothing. > >>>>> It's something that it's not already implemented in the core or I'm > >>>> missing > >>>>> something ? > >>>>> > >>>>> I saw tht I can workaround, using a pure html:Div with innerHTML but > I > >>>> have > >>>>> read in the past that I should avoid it. > >>>> > >>>> > >> > >> > >
