Re: Differences between bebug and release

Differences in release mode is generally because of renaming when minifying. Do you get an error in the dev tools? Make sure you’re using typedefs correctly for external APIs. Harbs > On Dec 9, 2021, at 1:52 AM, Hugo Ferreira wrote: > > Hi, > > I just finished my first Royale Add-In applicat

Differences between bebug and release

Hi, I just finished my first Royale Add-In application that was tested only in debug mode. Now I compiled in release mode and when I was testing I saw that custom item renderers did not appear. Probably this is not merged to the App.js single file ?

Re: 0.9.9

Volunteers might want to add a compiler warning for writing to 'innerHTML', but IMO, even React can't prevent XSS attacks. Frameworks are just building blocks used to build secure solutions, but the security comes from proper use by the developer. I have not had time to look into the new 'thir

Re: 0.9.9

If you want your head to hurt, you can try reading this whole page on avoiding XSS: https://cheatsheetseries.owasp.org/cheatsheets/XSS_Filter_Evasion_Cheat_Sheet.html The numbers of ways to insert XSS is mind boggling. > On Dec 9, 2021, at 1:01 AM, Greg Dove wrote: > > That's all I meant also

Re: 0.9.9

That's all I meant also. I expect the React framework minimizes or avoids use of it for example. I have no idea (I haven't checked) if it 'sanitizes' any use of it that it has internally, filtering out possible bad stuff in setters, for example. Using that 'dangerouslySetInnerHTML' or whatever it

Re: 0.9.9

I could entertain the idea of doing it in January, but I don’t think I will have the bandwidth to consider it until then. > On Dec 8, 2021, at 8:39 AM, Yishay Weiss wrote: > > Also, it would be good to pass on some of the knowledge I have gained in > previous releases to others here, so this i

Re: 0.9.9

I went though every use of innerHTML and I only found two that really could use changing. I just changed those two cases. I’m not convinced that it’s the job of the Framework to prevent users from introducing XSS attacks. The framework should not use things like innerHTML of setting src in ways

RE: [royale-compiler] branch develop updated: Externc tests were failing on network error even if some of the dependencies were cached

Good catch, fixed. From: Josh Tynjala Sent: Wednesday, December 8, 2021 7:03 PM To: dev@royale.apache.org Subject: Re: [royale-compiler] branch develop updated: Externc tests were failing on network error even if some of the dependen

Re: [royale-compiler] branch develop updated: Externc tests were failing on network error even if some of the dependencies were cached

Hey Yishay, There doesn't seem to be an existing tag for svg.js, but you added get-from-cache-if-needed and fail-if-not-found calls for it. I think that this is causing the build to fail. If I comment out the svg.js changes, and leave the rest, the build works for me. -- Josh Tynjala Bowler Hat

RE: [royale-asjs] branch develop updated: Fixed the brackets position according to Royale best practices

Hello, @Hugo, look at the commit I did yesterday, Jewel TriStateCheckBox, it actively uses sass. I don't know if all the changes are correct, if they are not they will be very close..., I looked at the current implementations and tried to follow your guide: In this case, being an extension of t