Skip to content

Functionality for adding feast manually via modal as of #50#57

Open
MonEstCha wants to merge 16 commits into
jftsang:mainfrom
MonEstCha:monidev-feast-creation
Open

Functionality for adding feast manually via modal as of #50#57
MonEstCha wants to merge 16 commits into
jftsang:mainfrom
MonEstCha:monidev-feast-creation

Conversation

@MonEstCha

Copy link
Copy Markdown
Collaborator

Functionality for adding feast manually via modal as of #50:
User can add a feast by clicking a button on the PewSheet form which opens a modal. Automatic detection of possible duplicates. After successful form submit, the feast is available in the secondary feast field.
Known issue: Feast form validation not possible.

@MonEstCha MonEstCha requested a review from jftsang November 21, 2024 16:46
@jftsang

jftsang commented Jan 12, 2025

Copy link
Copy Markdown
Owner

@MonEstCha Could you include a screenshot please?

Comment thread forms.py Outdated
Comment thread forms.py
secondary_feasts = SelectMultipleField(
'Secondary Feasts',
choices=[('', '')] + feast_choices,
choices=[('', '')] + feast_choices, validate_choice=False

Copy link
Copy Markdown
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why no validation?

@MonEstCha MonEstCha Jan 12, 2025

Copy link
Copy Markdown
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If the newly added feast is selected from the dropdown, 'Not a valid choice' is displaying. The workaround to this is no validation, see pallets-eco/wtforms#434.

Comment thread static/serviceForm.js Outdated
Comment thread pypew.py

pypew = PyPew()
app = create_app(pypew)
csrf = CSRFProtect(app)

Copy link
Copy Markdown
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nice

function updateFeasts(){
// refresh feasts
console.log('retrieved data from database');
const feastsApiUrl = "{{ url_for('feast_upcoming_api') }}";

Copy link
Copy Markdown
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

see note above

<script src="{{ url_for('static', filename='serviceForm.js') }}"></script>
<script>

// Note: logic needs to be able to access python API and hence was placed here

Copy link
Copy Markdown
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Well, all you're doing is injecting the url_for...
I'm always a bit iffy about injecting Jinja stuff into JavaScript, generally speaking it's insecure; if an attacker manages to get the server to send something nasty then it will execute as JavaScript on a client's browser.

You could hardcode the URL, but maybe a better way to pass data from the Jinja2 backend to the JS would be something like

<input id="myUrl" type="hidden" value="{{ url_for(...) }}">
<script> // put this in a separate file
const myUrl = document.getElementById("myUrl").value;
</script>

You could alternatively use the data-... attributes.

Copy link
Copy Markdown
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Okay, thanks. I've seen something similar in the pewSheet.html, which then would need fixing as well? What do you mean by the data-... attributes?

@jftsang jftsang Jan 13, 2025

Copy link
Copy Markdown
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

data-... attributes

https://developer.mozilla.org/en-US/docs/Learn_web_development/Howto/Solve_HTML_problems/Use_data_attributes

e.g.

<p id="foo" data-url="{{ url_for(...) }}"></p>
<script>
const myUrl = document.getElementById("foo").dataset.url
</script>

MonEstCha and others added 2 commits January 12, 2025 13:53
Accept suggestion by jftsang

Co-authored-by: J. M. F. Tsang <j.m.f.tsang@cantab.net>
Accept suggestion by jftsang

Co-authored-by: J. M. F. Tsang <j.m.f.tsang@cantab.net>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

Status: No status

Development

Successfully merging this pull request may close these issues.

2 participants