Functionality for adding feast manually via modal as of #50#57
Functionality for adding feast manually via modal as of #50#57MonEstCha wants to merge 16 commits intojftsang:mainfrom
Conversation
…enhancements on monidev before devloping Add Feast functionality further
…ds are added to html dynamically
…ble - no easy fix available
|
@MonEstCha Could you include a screenshot please? |
| secondary_feasts = SelectMultipleField( | ||
| 'Secondary Feasts', | ||
| choices=[('', '')] + feast_choices, | ||
| choices=[('', '')] + feast_choices, validate_choice=False |
There was a problem hiding this comment.
If the newly added feast is selected from the dropdown, 'Not a valid choice' is displaying. The workaround to this is no validation, see pallets-eco/wtforms#434.
|
|
||
| pypew = PyPew() | ||
| app = create_app(pypew) | ||
| csrf = CSRFProtect(app) |
| function updateFeasts(){ | ||
| // refresh feasts | ||
| console.log('retrieved data from database'); | ||
| const feastsApiUrl = "{{ url_for('feast_upcoming_api') }}"; |
| <script src="{{ url_for('static', filename='serviceForm.js') }}"></script> | ||
| <script> | ||
|
|
||
| // Note: logic needs to be able to access python API and hence was placed here |
There was a problem hiding this comment.
Well, all you're doing is injecting the url_for...
I'm always a bit iffy about injecting Jinja stuff into JavaScript, generally speaking it's insecure; if an attacker manages to get the server to send something nasty then it will execute as JavaScript on a client's browser.
You could hardcode the URL, but maybe a better way to pass data from the Jinja2 backend to the JS would be something like
<input id="myUrl" type="hidden" value="{{ url_for(...) }}">
<script> // put this in a separate file
const myUrl = document.getElementById("myUrl").value;
</script>You could alternatively use the data-... attributes.
There was a problem hiding this comment.
Okay, thanks. I've seen something similar in the pewSheet.html, which then would need fixing as well? What do you mean by the data-... attributes?
There was a problem hiding this comment.
data-... attributes
e.g.
<p id="foo" data-url="{{ url_for(...) }}"></p>
<script>
const myUrl = document.getElementById("foo").dataset.url
</script>
Accept suggestion by jftsang Co-authored-by: J. M. F. Tsang <j.m.f.tsang@cantab.net>
Accept suggestion by jftsang Co-authored-by: J. M. F. Tsang <j.m.f.tsang@cantab.net>
2 participants
Functionality for adding feast manually via modal as of #50:
User can add a feast by clicking a button on the PewSheet form which opens a modal. Automatic detection of possible duplicates. After successful form submit, the feast is available in the secondary feast field.
Known issue: Feast form validation not possible.