![]() The documentation has been updated for the newest release as well, and will be available on as soon as cloudflare allows it. , the core team would greatly appreciate it! Remove un-maintained “wrench” module from tests use “fs-extra” instead.Update code that virtual response uses to read buffer to work with all Node versions a5ab134.Add some assertions to ensure custom hooks don’t use reserved properties 2e76dac.Sails should be using all standalone middleware now. Use standalone CSRF package instead of using the one (formerly) bundled with Connect.Upgraded version of grunt-contrib-watch to 1.0.0 3678.Upgraded version of Consolidate to 0.14.1 a70623c.Update “compression” dependency to version 1.6.2.Update “connect” dependency to 3.4.1 1d3c9e6.Fix typo which could cause crashing when attempting to serialize non-json-compatible output in the response to a socket request.Allow sails.renderView to work with globals turned off 3753 d3f634c.Fix view rendering when i18n hook is disabled.Thanks Fix for query / body params called length 3738 Allow use of Express style path and RegExp in.Use res.forbidden() when denying access to a route via a policy.Add config option to specify routes that should not use session middleware c712acf.Fix long-standing, low-priority (but super annoying) issue with logged dictionaries/arrays getting extra quote marks (due to a pecularity in the usage of util.format()) d67e9c8e6775.This also gets rid of more deprecation notices during install (see captains-log:49f433eff348c05115a2caf292b4da0db9499887) Simplify config-merging code in captains-log. ![]() Upgrade Mocha to 3.0.0 to remove more of the deprecation notices when installing dependencies (see mocha:#2200).See also the recently-published improvements to the Sails documentation. If you’re curious what’s next, I posted a first look at the Sails v1.0 roadmap here.Ī new patch release with bug fixes, enhancements, and upgrades to Sails’ dependencies. Big thanks to all of the folks who helped with this release, especially those of you who contributed to testing and documentation! The release notes are included below for reference, and to point out what’s changed and what’s new. This is a patch release, so there shouldn’t be any breaking changes. Or, to take it for a spin, check out ĮxposeLocalsToBrowser() is now available for preview on mikermcneil views locals security xss Then, by default, it also injects a pre-minified client-side unescape function (compatible with IE9 and up) that deals with de-scrambling HTML entities back into the unsafe characters from whence they came.įor more info, check out the official Sails.js roadmap and the relevant proposal PR. The new injector in Sails works by injecting a script tag into the raw HTML source, and stuffing the escaped version of your data (with all unsafe HTML characters encoded) inside. (For more background on the use case, check out this 2012 post from Dan Webb, Twitter’s former engineering manager: ) And it means you don’t need to send a bunch of extra AJAX requests to safely get the data you need onto the web page. This eliminates the need to hand-roll your own decoding/encoding (or worse, forget). Just reached the next milestone on the road towards Sails v1: As of today, you can add a line of code to your HTML to directly expose data from your server-side view locals to client-side JavaScript, with built-in XSS attack prevention. This is like doing return yourResult in a synchronous function. Invoke callback with err => undefined and yourResultĮverything is AOK, and there’s this result I want to send back: return cb(undefined, yourResult) This is like doing return in a synchronous function. Invoke callback with no argumentsĮverything is AOK, and there’s no other data to send back: return cb() This is like doing throw new Error('Something bad happened!') in a synchronous function. So instead, I do this: return cb(new Error('Something bad happened!')) Except that I’m an asynchronous function. Some kind of fatal error occurred– something where I’d normally throw. Invoke callback with only err => new Error() In your implementation, if you always do one of the following, you’ll be good to go, and you’ll provide a better experience for the people using your thing: 1. If you find it helpful, you might want to check out the entire gist. Best practices for passing the first argument to an asynchronous callback
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |