-
-
Notifications
You must be signed in to change notification settings - Fork 407
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Ember.String.isHtmlSafe RFC #139
Conversation
I don't believe instanceof is the right thing here. Rather if htmlSafe is a function |
|
||
# Summary | ||
|
||
Introduce `Ember.String.isHtmlSafe()` to provide a reliable way to determine if an object is an "html safe string", IE was it created with `Ember.String.htmlSafe()`. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
i.e.
I think, thought you were talking about the browser :-)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hehe. Yea I should clarify that. Thanks!
@workmanw - This looks good! Since we will be removing the deprecation that was added in 2.6.0-beta.1 can you add that deprecation as part of this RFC? When we add it back, we will make sure that it still passes a |
@rwjblue Yea, absolutely. |
I would be fine with isHtmlSafe being a function that returns true. It is likely more ergonomic then the typeof check. alternatively and likely a better choice would be to have SafeString.isHtmlSafe(any) that way the user doesn't need any guards or anything, also it decouples the implementation of branding from the identification of the branding. Which seems quite future proof |
Yes, that is what is being proposed here.
How would this work? The proposal here suggests adding
Hmm, the go forward path for operating with HTML safe strings is two methods on the same object:
This seems exactly like you are describing, what am I missing? |
@rwjblue the implementation rather then isHtmlSafe doing the instanceof check, it checks the branding. Note for security reasons the branding must be |
@stefanpenner - Yep, I commented similarly inline here (we should definitely not be doing |
@rwjblue sounds like we are in agreement, my mobile client doesn't do a good job of letting me do line comments. |
@stefanpenner - Gotcha, sorry for talking past each other there! Yes, I believe we are both on the same page. This RFC has been updated to mention the |
Updated the RFC with the proposed implementation change. Also put together a polyfill that uses the "branding" technique that Stefan described. ember-string-ishtmlsafe-polyfill. |
@workmanw thanks for this, and sorry this has hung here for so long. I'll push for some approval this weekend or this Friday and hopefully we can get it rolling :-D |
Thanks! Happy to submit a PR for implementation given how trivial this is it shouldn't take much time at all. |
Discussed during core team F2F, and we believe this is good for implementation. @workmanw - Would you mind working on implementation in Ember and creation of a polyfill once the Ember implementation PR is landed? |
@rwjblue Happy to work on the implementation. A polyfill already exists :). https://github.com/workmanw/ember-string-ishtmlsafe-polyfill . But I will improve this polyfill once the implementation lands. |
👍 |
…rjs/rfcs#139). Reintroduced deprecation of `new Ember.Handlebars.SafeString()`.
…rjs/rfcs#139). Reintroduced deprecation of `new Ember.Handlebars.SafeString()`.
Rendered.
More details about this RFC can be found: emberjs/ember.js#13318
Polyfill implementation: https://github.com/workmanw/ember-string-ishtmlsafe-polyfill