search

mozillabrasil / sumo_live_helper

Helper Add-on for SUMO forum contributors
https://addons.mozilla.org/firefox/addon/sumo-live-helper-/
Mozilla Public License 2.0
7 stars 8 forks source link

Use a template language for handling data in the frontend #88

Closed dannycolin closed 3 years ago

dannycolin commented 4 years ago

I'd like to have a clear separation of the frontend and backend code. Currently, some code is generated from the JS files for the questions list and we also need to use tag with specific ID to inject the data in the frontend.

WesleyBranton commented 4 years ago

Would a template engine work for a Firefox webextension? I thought that using innerHTML wasn't permitted in a webextension. I believe I tried using that on another project and it failed AMO's pre-check.

dannycolin commented 4 years ago

I've asked on #webextensions and they said it should be possible to use something like mustache.js

WesleyBranton commented 4 years ago

Is this something you want to do during the redesign that you are working on or are you happy just leaving the Javascript as it is for now and exploring a template engine later?

jhonatasrm commented 4 years ago

I thought that using innerHTML wasn't permitted in a webextension.

Yes, is not allowed.. security purposes.

dannycolin commented 4 years ago

Is this something you want to do during the redesign that you are working on or are you happy just leaving the Javascript as it is for now and exploring a template engine later?

It can be after the redesign

WesleyBranton commented 4 years ago

Sounds good @dannycolin!

dannycolin commented 4 years ago

I thought that using innerHTML wasn't permitted in a webextension.

Yes, is not allowed.. security purposes.

Do you think using a library like [DOMPurify] to sanitize an innerHTML would pass the review process?

WesleyBranton commented 4 years ago

Do you think using a library like [DOMPurify] to sanitize an innerHTML would pass the review process?

I don't think so. I think innerHTML() is off limits, regardless of how you implement it. I looked at some Mozilla-run projects and it appears that even they just dynamically create the elements like we have done in our code.

WesleyBranton commented 4 years ago

Currently, there doesn't appear to be a huge benefit to implementing a templating language. The effort doesn't really match the reward, so I'll close this for now. If someone finds an easy-to-implement solution worth reviewing, feel free to reopen this issue.

WesleyBranton commented 3 years ago

I think this has already been done, but was never closed. Reopen this issue if I'm incorrect.