jeffreytierney / newt Goto Github PK

Getting a DOM node exception when mixing no root node and 'when'. If the first node is false [see test case] a DOM exception is thrown when trying to directly append.

// code sample, when not true it will throw exception
newT.save("temp", function(data) {
return ([
newT.span({when:false}, ""),
newT.span("My Text")

])

});

document.body.appendChild( newT.render("temp", {}) )

Exact Error: Chrome MacOSX 14.0.835.94 beta
Uncaught Error: NOT_FOUND_ERR: DOM Exception 8

One possible way to work around XSS exploits with newT, may be requiring any innerHTML injection to have an additional flag set in order to allow a pure innerHTML injection into the page DOM. This flag would be set by the developer to ensure any innerHTML is intentional and not a side affect of a malicious script.

Such a security measure could be tied to a newT.safe_mode value, which would default to off for the new version in order to remain backward compatible.

Another possible solution is adding a native method into newT for escaping possible XSS, such as the below snippet. This would allow developers to easily utilize an escape method that is compatible with newT and also allows convenience and portability for the sake of some additional security. But would not require any additional checks to insert HTML via innerHTML

function (b){return b&&b.replace(/&/mg,"&amp;").replace(/"/mg,"&quot;").replace(/'/mg,"&#39;").replace(/>/mg,"&gt;").replace(/</mg,"&lt;")||""}

A combine solution of both items would provide a higher threshold to prevent against unintentional XSS while still allowing developers to freely insert HTML structures as needed.

Use of the word "clss" to avoid the reserved keyword "class" is pretty clunky.

Can this be resolved down to the actual parameter className and then applied directly, or can this use the same method as C# where @Class is used to avoid a conflict?

Uncaught TypeError: Cannot call method 'toString' of undefined line 220 newT.js

Here is a live example, http://crashquery.com/static/newt_examples/newT/examples/twitter_wdgt.html

the snippet of code below causes this error. Perhaps b/c attributes aren't being passed in? Only happens with nested node, in this case adding newT.h4() causes the error.

      newT.save("single_tweet", function(tweet) {
            return (
              newT.div(
                newT.div({},
                    newT.img({src : tweet.user.profile_image_url})
                ),
                newT.div({},
                    newT.h4(tweet.screen_name),
                    newT.h3(tweet.text)
                )
            ))
        });

In reference to commit: ed67ab6

Enhance newT.js to work with JSDOM w/o needing to add newT.js directly to an exisiting DOM.

https://github.com/tmpvar/jsdom

Share the newT internal 'document.' with a given jsdom.createWindow().document.

Add a package.json file to newT project and force jsdom as a requirement.

newtjs.org is not responding.

DNS entry gone missing?

aesop ~:$ nslookup newtjs.org
;; Got SERVFAIL reply from 192.168.1.1, trying next server
Server: 192.168.1.1
Address: 192.168.1.1#53

** server can't find newtjs.org: NXDOMAIN

And from a remote server

~# nslookup newtjs.org

;; connection timed out; no servers could be reached