Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Default generated Controlers pass params directly to Views #404

Closed
kane-thornwyrd opened this issue Jul 11, 2013 · 3 comments
Closed

Default generated Controlers pass params directly to Views #404

kane-thornwyrd opened this issue Jul 11, 2013 · 3 comments

Comments

@kane-thornwyrd
Copy link

Hi,

I'm not sure if it's intended, if "whatever" or what (I'm just a poor newb on Geddy), but the Controlers generated by default pass the params object directly to their "View" //template.

Params object "nearly directly" (there is some escaping) populated by the http lib (GET, POST…).

So let's say I have a jade template like so:

  if test
    h1= test
  else
    h1 Hello, World!

If his url is called with something like: /?test=ooooooo

There will be a huge "ooooooo" in the h1.

I don't think it's really an Issue, it's mitigated by the fact that the, let's say, "defacer", had to know the exact key.
And I expect of any decent webdev to know that filtering entries is one of the 101.

But maybe this should be kept as a remainder in the "Don't…".
@larzconwell
Copy link
Contributor

What does your controller look like for the accompanying view?

In this example, any given parameters would be directly available to the view

exports.Main = function Main () {
  this.respondsWith = ['html'];

  this.example = function example (req, resp, params) {
    this.respond(params);
  };
};

So the issue you mentioned would occur if you had a test item you want to view and the url had overwritten the param.

So here's a better way to do it, you control what items get sent to the view. You can totally remove the params at all if you don't need them.

exports.Main = function Main () {
  this.respondsWith = ['html'];

  this.example = function example (req, resp, params) {
    this.respond({params: params, test: 'test'});
  };
};

In this example we put the params inside another object, so you can still use the params if you'd like with the explicit params.test in your view, and not worry about the original test item be overwritten by user form data.

@kane-thornwyrd
Copy link
Author

The controler I used is the main.js generated by geddy gen app [my app name], no less, no more.

And your answer is exactly what I had in mind and implicitly mentioned by "I don't think it's really an Issue […] And I expect of any decent webdev to know that filtering entries is one of the 101.".

The true topic behind this Issue is maybe to tweak a little bit the generator to "by default" offer this kind of wrapping, and no more directly pass the params.

Or at least, leaving a big "Don't…" with this thread in the documentation…

It depend on how much Geddy want to "pre-patch" the "wanabe-dev"'s numbness.

larzconwell added a commit that referenced this issue Jul 11, 2013
@larzconwell
Close #404, Change default for Main.index to wrap params like generated
74d4b5d 
scaffolding.
@larzconwell
Copy link
Contributor

Yeah we probably should change the default to wrap the params, good idea.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@kane-thornwyrd @larzconwell