Tobias Pfeiffer
@PragTob
probably safer to wait & hear from Jonas though
Cameron Norman
@cameronnorman
Okay I had a few things in the 0.74 assigned to me. I will take a look at how I can get this closer to being merged
Jonas Jabari
@jonasjabari
@cameronnorman sorry for the late reply! I would love to set up a call for all contributors tomorrow at 7 pm /@all :)
Pascal Wengerter
@pascalwengerter
Count me in!
Pascal Wengerter
@pascalwengerter
/@all contributor call tonight at 7PM Berlin time, we'll post the link in here shortly beforehand :)
Jonas Jabari
@jonasjabari
/@all

matestack-ui-core development report

Resources

  • after resources have been very limited the last months, we now invest more time and money in order to push matestack-ui-core
  • we hired @fiedl to spend a couple of hours improving matestack-ui-core
  • we hired @pragtob to spend a couple of hours improving matestack-ui-core
  • as both of them are highly experienced ruby devs, we see that many new issues/proposals currently :D

Project management

Communication

  • we will stop having a weekly contributor call via video chat
  • we instead will improve/increase written, async communication such as sprint planning, sprint retros
  • the channel for this async communication will stay gitter for now

New contribution guideline

  • all contributors may choose issues they want to tackle a few days before a sprint starts from the dedicated "next sprint backlog list"
    --> we currently have two issues on that list: @cameronnorman, @marcoroth - interested? :)
  • a contributor commits her/himself to finalize the implementation until the end of the sprint, please make a conscious decision when picking an issue
Cameron Norman
@cameronnorman
I am afraid I can not commit to either of the issues at the moment to be finished within the sprint but what I can offer is that I will attempt to solve the turbolinks PR and if I do I will make a PR
Jonas Jabari
@jonasjabari
We just released 0.7.4! (a bit after sprint 1/2020 ended, but hey!) thank you for your support and contributions :)
two important things to know:
  • we fixed a security issue, reported by PragTob:

XSS/Script injection vulnerability

  • matestack-ui-core is vulnerable to XSS/Script injection
  • matestack-ui-core does not escape strings by default and does not cover this in the docs
  • matestack-ui-core should escape strings by default in order to prevent XSS/Script injection vulnerability
class Pages::MyApp::MyExamplePage < Matestack::Ui::Page

  class FakeUser < Struct.new(:name)
  end

  def prepare
    @user = FakeUser.new("<script>alert('such hack many wow')</script>")
  end

  def response
    components {
      div do
        heading size: 1, text: "Hello #{@user.name}" # is not escaped
        plain "Hello #{@user.name}" # is not escaped
      end
    }
  end
end

Patches

patched in 0.7.4

Workarounds

escape string explicitly/manually

References

reported by @PragTob

For more information

If you have any questions or comments about this advisory:

Cameron Norman
@cameronnorman
Please can I get a review here: matestack/matestack-ui-core#378
Jonas Jabari
@jonasjabari
done :)
and thanks for the PR @cameronnorman
Jonas Jabari
@jonasjabari
hey /@all! thanks to great input from @fiedl and @PragTob we're about to refactor some essential parts of matestack! matestack-ui-core will be much easier to debug and to extend, just to mention a few improvements. this refactoring was planned to happen in sprint 2/2020 which ends today. as the refactoring effort was not easy to estimate, we will exceed the current sprint. we will try our best to finalize until end of next week. the refactoring will lead to some breaking changes. we therefore will release 0.8.0 instead of 0.7.5. we will add a migration guide in order to enable you to update. stay tuned! :)
Jonas Jabari
@jonasjabari
that doesn't match the actual planning but we wanted to ship some bugfixes and features as soon as possible. the major refactoring which leads to 0.8.0 is still in progress. I will post some updates about that soon. I'm pretty optimistic that we will stick to the sprint based release cycle after finishing the major refactoring, which completely messed up the current planning. but it's still worth it :D cheers!
Richie Khoo
@evolve2k
Hi folks, any tips on if it's possible to do nested forms?
Pascal Wengerter
@pascalwengerter
@jonasjabari :eyes:
Richie Khoo
@evolve2k
Alternatively is there a way to allow user input fields to update active record without having to do a submit? Then I could just have the user update this form and that form.. without ever knowing they're all separate.
Richie Khoo
@evolve2k
While I'm here, any opinion on state management in the app?
My use case is using matestack UI to create a simple app that is the front end for ordering internet from a small internet company. The order won't be submitted to the server until the final submit button is pressed.. but as the user selects various of the product offerings.. I either need to save these as I go against a live order.. or save an array/collection/state something of what they've clicked they are ordering then submit that with the overall order Submission.
So is saying myself wiring up vuex something worth doing/ do-able?
Richie Khoo
@evolve2k
--- New question ---
How does one add a message or payload into an on_click?
Eg taking this code:
onclick(emit: "abc") do
  li class: "product" do
    plain product.name
  end
end
So I can generate this:
async show_on: "abc" do
  plain "{{event.data.message}}" # returns product.name
end
In the example spec it wasn't clear how to do it, or even clear how "This is a cool message" got in there.
What I'd like to do is:
onclick(emit: "abc", message: product.name)
Jonas Jabari
@jonasjabari
hey @evolve2k ! welcome to this channel!
What about a hangout/skype session? It might be easier to answer your questions on a screensharing session :)
Richie Khoo
@evolve2k
@jonasjabari that would be fantastic!
Are you free soon/today at all?
It's 1pm here in South Australia, I can be around any time over the next 7 hours.
Jonas Jabari
@jonasjabari
@evolve2k you got a PM ;)
Jonas Jabari
@jonasjabari
hey /@all! we just released 0.7.6 with some cool new features. FYI: We're still working on the 0.8.0 release with some major updates. we keep you updated on our progress :)
Jonas Jabari
@jonasjabari
hey /@all! it's been quiet around us for some time now. We worked hard to finalize the 1.0.0 with a lot of major updates and improvements based on our learnings made the last two years. We also added more guides and documentation. Work on this end is not completed yet, but our essential guide should be a good starting point https://docs.matestack.io/docs/guides/2-essential/README.md along with the demo application demo.matestack.io with its source code hosted on github https://github.com/matestack/matestack-demo-application
to be clear: 1.0.0 is finally done and ready to be used! I just did the release :heart_eyes:
Jonas Jabari
@jonasjabari
hey /@all! we moved the community chat to this discord server: https://discord.gg/c6tQxF We would be super happy to welcome and support you there!
Marco Roth
@marcoroth
Hey Jonas 👋🏼
Seems like the invite expired
Jonas Jabari
@jonasjabari
hey @marcoroth! thanks for the notice! --> https://discord.com/invite/c6tQxFG