Bug 1349596: Validate JEXL on the server instead of the client. #629
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
FWIW I ran some of the more complex filters from prod against this and they all validated fine. |
mythmon
reviewed
Mar 23, 2017
| # Add mock transforms for validation | ||
| jexl.add_transform('date', lambda x: x) | ||
| jexl.add_transform('stableSample', lambda x: x) | ||
| jexl.add_transform('bucketSample', lambda x: x) |
There was a problem hiding this comment.
This isn't very satisfying, but I don't know how we can do better. Maybe we can put a link to the docs that say what transforms need to be available?
mythmon
suggested changes
Mar 23, 2017
| @@ -120,3 +120,6 @@ django-csp==3.2 \ | |||
| html5lib==1.0b10 \ | |||
| --hash=sha256:08a3efc117a4fc8c82c3c6d10d6f58ae266428d57ed50258a1466d2cd88de745 \ | |||
| --hash=sha256:0d5fd54d5b2b79b876007a70c033a4023577768d18022c15681c00561432a0f9 | |||
| pyjexl==0.1.2 \ | |||
There was a problem hiding this comment.
This should be pyjexl 0.1.3 now.
|
Test failures are unrelated and fixed by #632. |
|
Ok, can you rebase this to pick up the changes in #632? Then this should be ready to merge. |
added 2 commits
March 24, 2017 18:01
Validating JEXL on the client isn't ideal, because the JEXL library doesn't have a public API for checking if a statement is valid without evaluating it, which means certain valid expressions won't pass validation if they reference data in the context that we don't provide in the admin interface. PyJEXL is a Python library that parses and evaluates JEXL, and it includes a validation API that is more suitable for our validation.
Osmose
force-pushed
the
pyjexl-validation
branch
from
bc2604d
to
9b99989
Compare
|
Rebased! |
mythmon
approved these changes
Mar 27, 2017
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Validating JEXL on the client isn't ideal, because the JEXL library doesn't
have a public API for checking if a statement is valid without evaluating
it, which means certain valid expressions won't pass validation if they
reference data in the context that we don't provide in the admin interface.
PyJEXL is a Python library that parses and evaluates JEXL, and it includes
a validation API that is more suitable for our validation.