Cameron Norman
@cameronnorman
Oh wow!! Welcome @PragTob
Tobias Pfeiffer
@PragTob
Thank you :green_heart:
Marco Roth
@marcoroth
🥳🎉
Cameron Norman
@cameronnorman
Hey all, I see there wasn't a catch up this week. I would really like to start making contributions to matestack again considering I have more free time now. What are the most pressing matters at the moment?
Tobias Pfeiffer
@PragTob
@cameronnorman @jonasjabari has a whole list/excel that he prioritizes around. I haven't seen it yet or talked with him about it. He's busy in personal life at least today but probably also the coming days. Since everything in the 0.7.4 milestone is assigned I'd guess whatever in 0.7.5 isn't assigned :sweat_smile: https://github.com/matestack/matestack-ui-core/milestone/8
probably safer to wait & hear from Jonas though
Cameron Norman
@cameronnorman
Okay, I had a few things in the 0.74 assigned to me. I will take a look at how I can get this closer to being merged
Jonas Jabari
@jonasjabari
@cameronnorman sorry for the late reply! I would love to set up a call for all contributors tomorrow at 7 pm /@all :)
Pascal Wengerter
@pascalwengerter
Count me in!
Pascal Wengerter
@pascalwengerter
/@all contributor call tonight at 7PM Berlin time, we'll post the link in here shortly beforehand :)
Jonas Jabari
@jonasjabari
/@all

matestack-ui-core development report

Resources

  • after resources have been very limited the last months, we now invest more time and money in order to push matestack-ui-core
  • we hired @fiedl to spend a couple of hours improving matestack-ui-core
  • we hired @pragtob to spend a couple of hours improving matestack-ui-core
  • as both of them are highly experienced ruby devs, we see that many new issues/proposals currently :D

Project management

Communication

  • we will stop having a weekly contributor call via video chat
  • we instead will improve/increase written, async communication such as sprint planning, sprint retros
  • the channel for this async communication will stay gitter for now

New contribution guideline

  • all contributors may choose issues they want to tackle a few days before a sprint starts from the dedicated "next sprint backlog list"
    --> we currently have two issues on that list: @cameronnorman, @marcoroth - interested? :)
  • a contributor commits her/himself to finalize the implementation until the end of the sprint, please make a conscious decision when picking an issue
Cameron Norman
@cameronnorman
I am afraid I can not commit to either of the issues at the moment to be finished within the sprint but what I can offer is that I will attempt to solve the turbolinks PR and if I do I will make a PR
Jonas Jabari
@jonasjabari
We just released 0.7.4! (a bit after sprint 1/2020 ended, but hey!) thank you for your support and contributions :)
two important things to know:
  • we fixed a security issue, reported by PragTob:

XSS/Script injection vulnerability

  • matestack-ui-core is vulnerable to XSS/Script injection
  • matestack-ui-core does not escape strings by default and does not cover this in the docs
  • matestack-ui-core should escape strings by default in order to prevent XSS/Script injection vulnerability
class Pages::MyApp::MyExamplePage < Matestack::Ui::Page

  class FakeUser < Struct.new(:name)
  end

  def prepare
    @user = FakeUser.new("<script>alert('such hack many wow')</script>")
  end

  def response
    components {
      div do
        heading size: 1, text: "Hello #{@user.name}" # is not escaped
        plain "Hello #{@user.name}" # is not escaped
      end
    }
  end
end

Patches

patched in 0.7.4

Workarounds

escape string explicitly/manually

References

reported by @PragTob

For more information

If you have any questions or comments about this advisory:

Cameron Norman
@cameronnorman
Please can I get a review here: matestack/matestack-ui-core#378
Jonas Jabari
@jonasjabari
done :)
and thanks for the PR @cameronnorman
Jonas Jabari
@jonasjabari
hey /@all! thanks to great input from @fiedl and @PragTob we're about to refactor some essential parts of matestack! matestack-ui-core will be much easier to debug and to extend, just to mention a few improvements. this refactoring was planned to happen in sprint 2/2020 which ends today. as the refactoring effort was not easy to estimate, we will exceed the current sprint. we will try our best to finalize until end of next week. the refactoring will lead to some breaking changes. we therefore will release 0.8.0 instead of 0.7.5. we will add a migration guide in order to enable you to update. stay tuned! :)
Jonas Jabari
@jonasjabari
that doesn't match the actual planning but we wanted to ship some bugfixes and features as soon as possible. the major refactoring which leads to 0.8.0 is still in progress. I will post some updates about that soon. I'm pretty optimistic that we will stick to the sprint based release cycle after finishing the major refactoring, which completely messed up the current planning. but it's still worth it :D cheers!
Richie Khoo
@evolve2k
Hi folks, any tips on if it's possible to do nested forms?
Pascal Wengerter
@pascalwengerter
@jonasjabari :eyes:
Richie Khoo
@evolve2k
Alternatively, is there a way to allow user input fields to update active record without having to do a submit? Then I could just have the user update this form and that form.. without ever knowing they're all separate.
Richie Khoo
@evolve2k
While I'm here, any opinion on state management in the app?
My use case is using matestack UI to create a simple app that is the front end for ordering internet from a small internet company. The order won't be submitted to the server until the final submit button is pressed.. but as the user selects various of the product offerings.. I either need to save these as I go against a live order.. or save an array/collection/state something of what they've clicked they are ordering then submit that with the overall order Submission.
So is saying myself wiring up vuex something worth doing/ do-able?
Richie Khoo
@evolve2k
--- New question ---
How does one add a message or payload into an on_click?
Eg taking this code:
onclick(emit: "abc") do
  li class: "product" do
    plain product.name
  end
end
So I can generate this:
async show_on: "abc" do
  plain "{{event.data.message}}" # returns product.name
end
In the example spec it wasn't clear how to do it, or even clear how "This is a cool message" got in there.
What I'd like to do is:
onclick(emit: "abc", message: product.name)
Jonas Jabari
@jonasjabari
hey @evolve2k ! welcome to this channel!
What about a hangout/skype session? It might be easier to answer your questions on a screensharing session :)
Richie Khoo
@evolve2k
@jonasjabari that would be fantastic!
Are you free soon/today at all?
It's 1pm here in South Australia, I can be around any time over the next 7 hours.
Jonas Jabari
@jonasjabari
@evolve2k you got a PM ;)
Jonas Jabari
@jonasjabari
hey /@all! we just released 0.7.6 with some cool new features. FYI: We're still working on the 0.8.0 release with some major updates. we keep you updated on our progress :)