-
-
Notifications
You must be signed in to change notification settings - Fork 360
Conversation
…to event table, update event seeders to generate fake event urls
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do any tests need updating? Do we even have tests for this? 🤔
The only tests I saw were for the mailer |
I'm no good on the technical end, but this does appear to add an event.url as we discussed in #378 and which became #381 so I'm good with it. @KatieN it sounded like @timmyichen and @Ryuno-Ki were suggesting adding logic to validate the value passed in is actually a valid URL. Could that be added to this PR? |
Validation is in there :) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm good with this from the business logic. If @timmyichen and @Ryuno-Ki are good then holler and one of us can merge it.
@Ryuno-Ki if you give the formal approval, then we'll merge this in. |
Sorry, I was busy the last days. Lemme take a look! |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm worried about the lack of validation on URL input.
For example, this could lead to a persistent XSS via javascript:
protocol.
But this could be also adressed in a followup-PR.
So I'm approving with comments.
@@ -302,7 +305,7 @@ export type EventsQuery = { __typename?: 'Query' } & { | |||
events: Array< | |||
{ __typename?: 'Event' } & Pick< | |||
Event, | |||
'id' | 'name' | 'canceled' | 'description' | 'capacity' | |||
'id' | 'name' | 'canceled' | 'description' | 'url' | 'capacity' |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Would it make sense to have these ordered alphabetically?
(The OCD in me. Would not block a merge IMHO).
@@ -320,6 +323,7 @@ export type EventQuery = { __typename?: 'Query' } & { | |||
| 'id' | |||
| 'name' | |||
| 'description' | |||
| 'url' |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Would it make sense to sort these alphabetically?
(Not blocking a merge IMHO).
@@ -37,6 +37,7 @@ const EventItem: React.FC<IEventItemProps> = ({ loading, event }) => { | |||
<Typography variant="body2" color="textSecondary" component="p"> | |||
{event.description} | |||
</Typography> | |||
{event.url && <a href={event.url}>{event.url}</a>} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Perhaps worth to wrap in a p
, too?
@@ -48,6 +48,7 @@ export const EventPage: NextPage = () => { | |||
<Typography variant="body2" color="textSecondary" component="p"> | |||
{data.event.description} | |||
</Typography> | |||
<a href={data.event.url}>{data.event.url}</a> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Perhaps worth to wrap in a <p>
, too?
@Ryuno-Ki agreed on sanitization being important, @timmyichen and I were going back and forth on how to handle this here since the suggested |
Could we at least have an issue for that? |
Update README.md
).master
branch of Chapter.Closes #381
Added URL field to event model, created migration for new column to be added to event table, updated seeders to generate fake URLs, updated UI to allow read and update on URL.
While working on this I noticed that the form to edit events is creating new events.