jeffreytierney / newt Goto Github PK
View Code? Open in Web Editor NEWnewT - simple javascript templating
Home Page: http://newtjs.org
License: Other
newT - simple javascript templating
Home Page: http://newtjs.org
License: Other
Getting a DOM node exception when mixing no root node and 'when'. If the first node is false [see test case] a DOM exception is thrown when trying to directly append.
// code sample, when not true it will throw exception
newT.save("temp", function(data) {
return ([
newT.span({when:false}, ""),
newT.span("My Text")
])
});
document.body.appendChild( newT.render("temp", {}) )
Exact Error: Chrome MacOSX 14.0.835.94 beta
Uncaught Error: NOT_FOUND_ERR: DOM Exception 8
One possible way to work around XSS exploits with newT, may be requiring any innerHTML injection to have an additional flag set in order to allow a pure innerHTML injection into the page DOM. This flag would be set by the developer to ensure any innerHTML is intentional and not a side affect of a malicious script.
Such a security measure could be tied to a newT.safe_mode value, which would default to off for the new version in order to remain backward compatible.
Another possible solution is adding a native method into newT for escaping possible XSS, such as the below snippet. This would allow developers to easily utilize an escape method that is compatible with newT and also allows convenience and portability for the sake of some additional security. But would not require any additional checks to insert HTML via innerHTML
function (b){return b&&b.replace(/&/mg,"&").replace(/"/mg,""").replace(/'/mg,"'").replace(/>/mg,">").replace(/</mg,"<")||""}
A combine solution of both items would provide a higher threshold to prevent against unintentional XSS while still allowing developers to freely insert HTML structures as needed.
Use of the word "clss" to avoid the reserved keyword "class" is pretty clunky.
Can this be resolved down to the actual parameter className and then applied directly, or can this use the same method as C# where @Class is used to avoid a conflict?
Uncaught TypeError: Cannot call method 'toString' of undefined line 220 newT.js
Here is a live example, http://crashquery.com/static/newt_examples/newT/examples/twitter_wdgt.html
the snippet of code below causes this error. Perhaps b/c attributes aren't being passed in? Only happens with nested node, in this case adding newT.h4() causes the error.
newT.save("single_tweet", function(tweet) {
return (
newT.div(
newT.div({},
newT.img({src : tweet.user.profile_image_url})
),
newT.div({},
newT.h4(tweet.screen_name),
newT.h3(tweet.text)
)
))
});
In reference to commit: ed67ab6
Enhance newT.js to work with JSDOM w/o needing to add newT.js directly to an exisiting DOM.
https://github.com/tmpvar/jsdom
Share the newT internal 'document.' with a given jsdom.createWindow().document.
Add a package.json file to newT project and force jsdom as a requirement.
newtjs.org is not responding.
DNS entry gone missing?
aesop ~:$ nslookup newtjs.org
;; Got SERVFAIL reply from 192.168.1.1, trying next server
Server: 192.168.1.1
Address: 192.168.1.1#53
** server can't find newtjs.org: NXDOMAIN
And from a remote server
~# nslookup newtjs.org
;; connection timed out; no servers could be reached
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.