Add doc for URL binding feature #1346
Conversation
squrious
force-pushed
the
live-component/docs-url-binding
branch
2 times, most recently
from
c600ad6
to
0adbb66
Compare
No, the current behavior is to update the URL in place. There could be a feature to push new history entries in the future.
If multiple components use this feature on the same page, things should work fine as long as they don't use the same field names. Otherwise parameters will collide, so the last rendered component will take priority on URL parameters, overriding ones set by the other components. Should this be part of the documentation too? |
Maybe just a warning |
src/LiveComponent/doc/index.rst
Outdated
|
|
||
| .. note:: | ||
|
|
||
| Type consistency is enforced by the LiveComponent internal hydrator when the component is initialized with query |
There was a problem hiding this comment.
Type consistency is enforced by the LiveComponent internal hydrator. When the component is initialized, If a query parameter could not be hydrated properly into a LiveProp, it will be ignored to avoid unfriendly errors for the end user.
Just a suggestion.. feel free to ignore if you prefer the original ;)
There was a problem hiding this comment.
I prefer the original, I find it more accurate as this type consistency check is only used on component initialization. But thanks for the suggestion :)
There was a problem hiding this comment.
I think we should make this not in a note, rather a normal sentence, as it's really important. And, from a user's point of view, the important thing is that it goes through the hydration system. Something like:
When a page is loaded with a query parameter that's bound to a
LiveProp(e.g./search?query=my+search+string), the value -my search string- goes through the hydration system before it's set onto the property. If a value can't be hydrated, it will be ignored.
src/LiveComponent/doc/index.rst
Outdated
| Validation | ||
| ~~~~~~~~~~ | ||
|
|
||
| To validate your component state when it is rendered for the first time, you have to setup a `PostMount hook`_:: |
There was a problem hiding this comment.
I'd use a warning or caution block there.. wdyt ?
There was a problem hiding this comment.
I added a caution block at the top of the section
src/LiveComponent/doc/index.rst
Outdated
|
|
||
| .. versionadded:: 2.13 | ||
|
|
||
| The ``url`` option was introduced in Live Components 2.13. |
src/LiveComponent/doc/index.rst
Outdated
| @@ -2302,6 +2302,131 @@ You can also trigger a specific "action" instead of a normal re-render: | |||
| #} | |||
| > | |||
|
|
|||
| Binding LiveProp to URL query parameters | |||
There was a problem hiding this comment.
How about:
Changing the URL when a LiveProp changes
src/LiveComponent/doc/index.rst
Outdated
|
|
||
| The ``url`` option was introduced in Live Components 2.13. | ||
|
|
||
| You can bind your component LiveProp's values to URL query parameters thanks to the ``url`` option:: |
There was a problem hiding this comment.
How about:
If you want the URL to update when a
LivePropchanges, you can do that with theurloption:
|
|
||
| You can bind your component LiveProp's values to URL query parameters thanks to the ``url`` option:: | ||
|
|
||
| // src/Components/SearchModule.php |
There was a problem hiding this comment.
// src/Twig/Components/SearchModule.php
right?
There was a problem hiding this comment.
Other examples in the doc live in src/Components, not sure why this one should be different?
src/LiveComponent/doc/index.rst
Outdated
| public string $query = ''; | ||
| } | ||
|
|
||
| Now if you change the value of the ``query`` prop, the url will be updated to reflect the new state of your |
There was a problem hiding this comment.
Now, when the user changes the...
... prop, a query parameter in the URL will be updated...
src/LiveComponent/doc/index.rst
Outdated
| parameters. If a value could not be hydrated properly, it will be ignored to avoid unfriendly errors for the end | ||
| user. | ||
|
|
||
| Multiple bindings |
There was a problem hiding this comment.
| Multiple bindings | |
| Multiple Query Parameter Bindings |
src/LiveComponent/doc/index.rst
Outdated
|
|
||
| And you only set the ``query`` value, then your URL will be updated to ``https://my.domain/search?query=my+query+string&mode=fulltext``. | ||
|
|
||
| Validation |
There was a problem hiding this comment.
| Validation | |
| Validating the Query Parameter Values |
src/LiveComponent/doc/index.rst
Outdated
| Validation | ||
| ~~~~~~~~~~ | ||
|
|
||
| To validate your component state when it is rendered for the first time, you have to setup a `PostMount hook`_:: |
src/LiveComponent/doc/index.rst
Outdated
| public function postMount(): void | ||
| { | ||
| // Validate 'mode' field without throwing an exception | ||
| $this->validateField('mode', false); |
There was a problem hiding this comment.
It's not clear to me what happens when this fails.
src/LiveComponent/doc/index.rst
Outdated
| .. caution:: | ||
|
|
||
| It is recommended to validate data provided through query string parameters, so you can prevent malicious inputs | ||
| from being processed and rendered. |
There was a problem hiding this comment.
This is interesting. If a LiveProp is writable, then the fact that it is bound to a query parameter does not open a new malicious entrypoint: the value can always be changed to "anything". Two things:
A) If we want to talk about validating writable properties in general more clearly, then we can talk about that in another PR
B) This section may still make sense, but I think it's only important for the (probably rare) situation where you have url: true and writable: false (e.g. when the user calls a LiveAction, you change the prop inside that method, but the user doesn't change it directly).
There was a problem hiding this comment.
The goal of this section was to be explicit about the fact that bound props are not validated when initialized from the URL, even if the component uses validation. But yes, the security concern only applies when the validation logic itself involves some security process (sanitizing or whatever). Maybe I can change the caution block to a note like:
If your component uses validation, it is recommended to also validate data provided through query string parameters.
For the B) part, I could add another example in this section to illustrate this use case, wdyt?
There was a problem hiding this comment.
Hmm, ok, yes, it's more clear to me. So the messaging would be something like:
Like any writable
LiveProp, because the user can modify this value, you should consider adding validation (<-- link to that section). When you bind aLivePropto the URL, the initial value is not automatically validated. To validate it: (then the code).
Also, it's beyond the scope of the doc, but should the URL-binding feature validate automatically? And reject the value (skip it) if it's invalid?
weaverryan
force-pushed
the
live-component/docs-url-binding
branch
from
7a740f6
to
4f0d313
Compare
|
Thank you @squrious! |
Add documentation for #1230