Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Ember.String.isHtmlSafe RFC #139

Merged
merged 1 commit into from
Jun 12, 2016
Merged

Ember.String.isHtmlSafe RFC #139

merged 1 commit into from
Jun 12, 2016

Conversation

workmanw
Copy link
Contributor

@workmanw workmanw commented Apr 18, 2016

Rendered.

More details about this RFC can be found: emberjs/ember.js#13318

Polyfill implementation: https://github.com/workmanw/ember-string-ishtmlsafe-polyfill

@stefanpenner
Copy link
Member

I don't believe instanceof is the right thing here. Rather if htmlSafe is a function


# Summary

Introduce `Ember.String.isHtmlSafe()` to provide a reliable way to determine if an object is an "html safe string", IE was it created with `Ember.String.htmlSafe()`.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

i.e. I think, thought you were talking about the browser :-)

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hehe. Yea I should clarify that. Thanks!

@rwjblue
Copy link
Member

rwjblue commented Apr 18, 2016

@workmanw - This looks good! Since we will be removing the deprecation that was added in 2.6.0-beta.1 can you add that deprecation as part of this RFC? When we add it back, we will make sure that it still passes a str instanceof Ember.Handlebars.SafeString check (to prevent the original issue).

@workmanw
Copy link
Contributor Author

@rwjblue Yea, absolutely.

@stefanpenner
Copy link
Member

I would be fine with isHtmlSafe being a function that returns true. It is likely more ergonomic then the typeof check.

alternatively and likely a better choice would be to have SafeString.isHtmlSafe(any) that way the user doesn't need any guards or anything, also it decouples the implementation of branding from the identification of the branding. Which seems quite future proof

@rwjblue
Copy link
Member

rwjblue commented Apr 18, 2016

I would be fine with isHtmlSafe being a function that returns true. It is likely more ergonomic then the typeof check.

Yes, that is what is being proposed here.

alternatively and likely a better choice would be to have SafeString.isHtmlSafe(any) that way the user doesn't need any guards or anything

How would this work? The proposal here suggests adding Ember.String.isHtmlSafe(<any>) that returns true / false. We would ultimately remove Ember.Handlebars.SafeString (adding a deprecation to Ember.Handlebars.SafeString is what drummed up the need for a public API to detect if a given object is an HTML safe string).

it decouples the implementation of branding from the identification of the branding

Hmm, the go forward path for operating with HTML safe strings is two methods on the same object:

  • Ember.String.htmlSafe(someString) -- This generates an HTML safe string.
  • Ember.String.isHtmlSafe(<any>) -- This detects if a given thing is a safe string (and is what this RFC is proposing).

This seems exactly like you are describing, what am I missing?

@stefanpenner
Copy link
Member

stefanpenner commented Apr 18, 2016

@rwjblue the implementation

rather then isHtmlSafe doing the instanceof check, it checks the branding. Note for security reasons the branding must be x && typeof x.someMember === 'function'

@rwjblue
Copy link
Member

rwjblue commented Apr 18, 2016

@stefanpenner - Yep, I commented similarly inline here (we should definitely not be doing instanceof to check this). IMO, the implementation of how to determine if a given thing is an HTML safe string is not part of this RFC (though obviously it will need to be done at implementation time), and we should definitely be doing the function check vs instanceof.

@stefanpenner
Copy link
Member

@rwjblue sounds like we are in agreement, my mobile client doesn't do a good job of letting me do line comments.

@rwjblue
Copy link
Member

rwjblue commented Apr 18, 2016

@stefanpenner - Gotcha, sorry for talking past each other there! Yes, I believe we are both on the same page. This RFC has been updated to mention the typeof obj === 'function' check (instead of instanceof), and now talks about the deprecation path. I think it is ready for a re-read...

@workmanw
Copy link
Contributor Author

Updated the RFC with the proposed implementation change. Also put together a polyfill that uses the "branding" technique that Stefan described. ember-string-ishtmlsafe-polyfill.

@mixonic
Copy link
Member

mixonic commented Jun 12, 2016

@workmanw thanks for this, and sorry this has hung here for so long. I'll push for some approval this weekend or this Friday and hopefully we can get it rolling :-D

@workmanw
Copy link
Contributor Author

Thanks! Happy to submit a PR for implementation given how trivial this is it shouldn't take much time at all.

@rwjblue
Copy link
Member

rwjblue commented Jun 12, 2016

Discussed during core team F2F, and we believe this is good for implementation.

@workmanw - Would you mind working on implementation in Ember and creation of a polyfill once the Ember implementation PR is landed?

@rwjblue rwjblue merged commit 8d8b335 into emberjs:master Jun 12, 2016
@workmanw
Copy link
Contributor Author

@rwjblue Happy to work on the implementation. A polyfill already exists :). https://github.com/workmanw/ember-string-ishtmlsafe-polyfill . But I will improve this polyfill once the implementation lands.

@rwjblue
Copy link
Member

rwjblue commented Jun 13, 2016

👍

workmanw pushed a commit to workmanw/ember.js that referenced this pull request Jun 19, 2016
…rjs/rfcs#139). Reintroduced deprecation of `new Ember.Handlebars.SafeString()`.
toddjordan pushed a commit to toddjordan/ember.js that referenced this pull request Sep 9, 2016
…rjs/rfcs#139). Reintroduced deprecation of `new Ember.Handlebars.SafeString()`.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants