[Xerte-dev] Re: Avoiding eval()

Dave Burnett d_b_burnett at hotmail.com
Mon Feb 11 14:13:18 GMT 2013


Such modesty.You still are.

From: Julian.Tenney at nottingham.ac.uk
To: xerte-dev at lists.nottingham.ac.uk
Date: Mon, 11 Feb 2013 14:09:21 +0000
Subject: [Xerte-dev] Re: Avoiding eval()

…on that particular occasion… From: xerte-dev-bounces at lists.nottingham.ac.uk [mailto:xerte-dev-bounces at lists.nottingham.ac.uk] On Behalf Of Dave Burnett
Sent: 11 February 2013 14:09
To: xerte-dev at lists.nottingham.ac.uk
Subject: [Xerte-dev] Re: Avoiding eval()  Julian ended up in much better shape than the rest of us.  From: Julian.Tenney at nottingham.ac.uk
To: xerte-dev at lists.nottingham.ac.uk
Date: Mon, 11 Feb 2013 13:44:02 +0000
Subject: [Xerte-dev] Re: Avoiding eval()And my dignity remains intact:http://listserv.cc.kuleuven.ac.be/cgi-bin/wa?A2=ind0406B&L=aware&P=R8285  From: xerte-dev-bounces at lists.nottingham.ac.uk [mailto:xerte-dev-bounces at lists.nottingham.ac.uk] On Behalf Of Julian Tenney
Sent: 11 February 2013 13:41
To: For Xerte technical developers
Subject: [Xerte-dev] Re: Avoiding eval() There were a few characters on there that were just too much fun not to poke from time to time. From: xerte-dev-bounces at lists.nottingham.ac.uk [mailto:xerte-dev-bounces at lists.nottingham.ac.uk] On Behalf Of Smith, John
Sent: 11 February 2013 13:35
To: For Xerte technical developers
Subject: [Xerte-dev] Re: Avoiding eval() And you’re still talking about it 11 years later!! Must have made a real impression ;-) Regards, John SmithLearning TechnologistSchool of Health & Life SciencesGlasgow Caledonian University From: xerte-dev-bounces at lists.nottingham.ac.uk [mailto:xerte-dev-bounces at lists.nottingham.ac.uk] On Behalf Of Dave Burnett
Sent: Monday, February 11, 2013 1:29 PM
To: xerte-dev at lists.nottingham.ac.uk
Subject: [Xerte-dev] Re: Avoiding eval()  It goes on for about 12 paragraphs. and then "GOOD-BYE!!!!!!!" It seemed so important.;-)  From: Julian.Tenney at nottingham.ac.uk
To: xerte-dev at lists.nottingham.ac.uk
Date: Mon, 11 Feb 2013 13:16:38 +0000
Subject: [Xerte-dev] Re: Avoiding eval()There was  fair bit of pulpit thumping going on back then IIRC… happy days! From: xerte-dev-bounces at lists.nottingham.ac.uk [mailto:xerte-dev-bounces at lists.nottingham.ac.uk] On Behalf Of Dave Burnett
Sent: 11 February 2013 12:12
To: xerte-dev at lists.nottingham.ac.uk
Subject: [Xerte-dev] Re: Avoiding eval() John, we're damaged.Eval = EvilJulian and I cut our teeth on this type of discussion:   The friendly challenge was directed to those who, in the past, have saidthings like: "Eval is evil" and "The first thing I do when I work onsomeone else's code is go through it and remove ALL the Evals." Thefriendly challenge was for someone to come up with a better GENERIC,REUSABLE, DYNAMIC, CUSTOM LIST FUNCTION THAT WOULD WORK FOR ANY COMPATIBLELIST STRUCTURE, AND THAT DID NOT USE EVAL!!!!!!!!!!!!!  Authorware listserv circa 2002It was a long rant ending with the lister's resignation from the list.;-)   From: J.J.Smith at gcu.ac.uk
To: xerte-dev at lists.nottingham.ac.uk
Date: Mon, 11 Feb 2013 11:49:07 +0000
Subject: [Xerte-dev] Re: Avoiding eval()We use eval several times in the xenith code. If you know the source of what you are eval()ing then I don’t think it’s ‘BAD’… Since FileLocation needs to be set in order for eval to work then you can do something with string parsing like var path = FileLocation + $(data).find('learningObject').attr('header').split(“’”)[1] Regards, John SmithLearning TechnologistSchool of Health & Life SciencesGlasgow Caledonian University From: xerte-dev-bounces at lists.nottingham.ac.uk [mailto:xerte-dev-bounces at lists.nottingham.ac.uk] On Behalf Of Julian Tenney
Sent: Monday, February 11, 2013 11:09 AM
To: For Xerte technical developers
Subject: [Xerte-dev] Avoiding eval() Can you avoid eval? In the case of file paths, the only thing I can think to do is to use eval(), and I know that’s not the ‘right’ thing to do? //get the file path from the string “FileLocation + ‘media/header.png’”var path = eval( $(data).find('learningObject').attr('header') ); From: xerte-dev-bounces at lists.nottingham.ac.uk [mailto:xerte-dev-bounces at lists.nottingham.ac.uk] On Behalf Of Smith, John
Sent: 11 February 2013 10:41
To: For Xerte technical developers
Subject: [Xerte-dev] Re: Modular Play and New Templates Yeah I couldn’t get any of the methods of jQuery parsing to work with that model in IE with that shape data. Not sure if it breaks some rule or something by having a reserved word etc but I know one of the JSON objects received from an external for one of the models (flickr or delicious or something) uses a reserved word that IE bokes on…. Regards, John SmithLearning TechnologistSchool of Health & Life SciencesGlasgow Caledonian University From: xerte-dev-bounces at lists.nottingham.ac.uk [mailto:xerte-dev-bounces at lists.nottingham.ac.uk] On Behalf Of Julian Tenney
Sent: Monday, February 11, 2013 10:26 AM
To: For Xerte technical developers
Subject: [Xerte-dev] Re: Modular Play and New Templates                                 if (typeof data == 'string'){                                                //have to mangel the data for IE, not sure if this works??                                                data = $.parseXML(data);                                } Seems to have done the trick. From: xerte-dev-bounces at lists.nottingham.ac.uk [mailto:xerte-dev-bounces at lists.nottingham.ac.uk] On Behalf Of Smith, John
Sent: 11 February 2013 10:23
To: For Xerte technical developers
Subject: [Xerte-dev] Re: Modular Play and New Templates Hi Julian Check lines 560-568 of the textDrawing.html model as I had to do similar to play nicely in IE. jQuery will quite happily turn text to XML for other browsers though…                                 var xml;                                if (jQuery.browser.msie) { // Had to add this in to get IE to parse <shapes> correctly                                        var xmlDoc = new ActiveXObject("Microsoft.XMLDOM");                                        xmlDoc.loadXML($(x_currentPageXML).text());                                        xml = xmlDoc;                                }                                else {                                        xml = $($(x_currentPageXML).text());                                } Regards, John SmithLearning TechnologistSchool of Health & Life SciencesGlasgow Caledonian University From: xerte-dev-bounces at lists.nottingham.ac.uk [mailto:xerte-dev-bounces at lists.nottingham.ac.uk] On Behalf Of Julian Tenney
Sent: Monday, February 11, 2013 9:35 AM
To: For Xerte technical developers
Subject: [Xerte-dev] Re: Modular Play and New Templates There’s some funky stuff with IE and ajax in jQuery when you set the dataType to ‘xml’. I did have it set to ‘text’, it’s a known thing and I’ll figure it out. From: xerte-dev-bounces at lists.nottingham.ac.uk [mailto:xerte-dev-bounces at lists.nottingham.ac.uk] On Behalf Of Ron Mitchell
Sent: 08 February 2013 16:14
To: 'For Xerte technical developers'
Subject: [Xerte-dev] Re: Modular Play and New Templates Hi JulianI updated a test install but then re-installed over the top so that your template installed in the database so at some point the relevant sql will need to be added to upgrade.php but I'm sure you're aware of that. On this test install when viewing properties of either a bootstrap project or an xot project only the flash play.php shows now in the properties window. play_bootstrap.php doesn't seem to play very nicely in IE whereas I'm sure http://www.nottingham.ac.uk/~cczjrt/boostrapLO did but that's now showing as forbidden. play_bootstrap.php plays ok in Chrome. HTHRon From: xerte-dev-bounces at lists.nottingham.ac.uk [mailto:xerte-dev-bounces at lists.nottingham.ac.uk] On Behalf Of Julian Tenney
Sent: 08 February 2013 11:48
To: For Xerte technical developers
Subject: [Xerte-dev] Re: Modular Play and New Templates I got it working, you can check it out and do an xampp install for a quick preview of what’s there so far. Few observations on hooking it up: - Ages ago, Pat, we talked about firing the data at an ad-hoc page – there is code in the wizard that posts it to wizard.runtime if set, so we did do it. Before I realised this, I set a property called runtime and used it to point the preview to preview_bootstrap.php. I can’t remember if anyone is actually using .runtime to use a different playout or not (I have vague memories of GEM doing this for their PBL stuff?). I could have just posted the data to a page, but then you lose all the security stuff. - There is much the same code in the various play_, play_html5, play_bootstrap files that we ought to tidy up at some point. - I’ve put my own set of .js libraries etc in the /common folder, so that duplicates some things like jQuery, so it would be better to load common libraries from a central place. - I have no idea how hard it is to get appropriate urls showing in the properties tab for the play_, export, etc and have all that working when the template isn’t Nottingham. - Otherwise it’s pretty straightforward to add new tools, especially if you can work with the xwd /  wizard for an editor, and jQuery makes it really easy to pick up the xml and drive the content. Once this penny drops I can see other people wanting to build their own templates and add them in, so it would be worth smoothing out some time. I can do that probably, but I’m not so sure what needs to be in place to make the properties panel more flexible? Cheers, From: xerte-dev-bounces at lists.nottingham.ac.uk [mailto:xerte-dev-bounces at lists.nottingham.ac.uk] On Behalf Of Pat @ Pgogy
Sent: 08 February 2013 09:15
To: For Xerte technical developers
Subject: [Xerte-dev] Re: Modular Play and New Templates Preview and play differ in terms of logged in access and password protection - but the display code should be in a library function. Agree your code base should be shared - wondering if modules could share that. In theory you could add a play parameter to the info file and then probably share the rest of the code? That might work better?

Pgogy Webstuff - http://www.pgogywebstuff.comMakers of web things of a fair to middling quality
On 8 Feb 2013, at 09:04, Julian Tenney <Julian.Tenney at nottingham.ac.uk> wrote:Well, it’s more that we have the same code in several places, and things like being able to get the runtime url in the wizard. I added a property to the wizard ‘runtime’ to point to my booststrap.php page.  A related question: is there anything different between preview and play, or could I just use the same file for both? From: xerte-dev-bounces at lists.nottingham.ac.uk [mailto:xerte-dev-bounces at lists.nottingham.ac.uk] On Behalf Of Pat @ Pgogy
Sent: 07 February 2013 17:51
To: For Xerte technical developers
Subject: [Xerte-dev] Re: Modular Play and New Templates I would assume we accordion the templates list?

Pgogy Webstuff - http://www.pgogywebstuff.comMakers of web things of a fair to middling quality
On 7 Feb 2013, at 16:12, Julian Tenney <Julian.Tenney at nottingham.ac.uk> wrote:Yeah, that’s pretty much what I’m doing. It will work and that’s fine, just wondering about the situation where there loads of these things… From: xerte-dev-bounces at lists.nottingham.ac.uk [mailto:xerte-dev-bounces at lists.nottingham.ac.uk] On Behalf Of Pat @ Pgogy
Sent: 07 February 2013 15:47
To: For Xerte technical developers
Subject: [Xerte-dev] Re: Modular Play and New Templates Duplicate the modules xerte folder into modules new template name Keep the edit php file as it is still xerte Mangle play and preview to present the HTML

Pgogy Webstuff - http://www.pgogywebstuff.comMakers of web things of a fair to middling quality
On 7 Feb 2013, at 09:46, Julian Tenney <Julian.Tenney at nottingham.ac.uk> wrote:Question for Pat I think: With the html5 playout, Fay has added play_html5.php that does the work, that’s all fine. I’ve got a new template I’d like to build in that produces this stuff:http://www.nottingham.ac.uk/~cczjrt/boostrapLO. The editor is a standard xerte wizard / xwd thing, but it uses its own html page to parse the xml and create the content. So I could add another html page to the folder and repeat what Fay has done for html5, but that seems a bit messy to sustain if, one day, we have loads of runtimes doing different things, I wondered if your modular stuff handled this in a more graceful way? There’s another difference here: Fay’s html5 code plays existing content – so you have two alternative urls for the same piece, ultimately we’ll switch toolkits to use the html5 one as the default, and the old one will remain as a legacy. In my case, it doesn’t work like that, these projects will always only use their html page: so that needs to be the url to display in properties for the project, and I guess that’s what needs to export as well. What do you think is the best thing to do? Julian _______________________________________________
Xerte-dev mailing list
Xerte-dev at lists.nottingham.ac.uk
http://lists.nottingham.ac.uk/mailman/listinfo/xerte-dev_______________________________________________
Xerte-dev mailing list
Xerte-dev at lists.nottingham.ac.uk
http://lists.nottingham.ac.uk/mailman/listinfo/xerte-dev_______________________________________________
Xerte-dev mailing list
Xerte-dev at lists.nottingham.ac.uk
http://lists.nottingham.ac.uk/mailman/listinfo/xerte-dev
Glasgow Caledonian University is a registered Scottish charity, number SC021474

Winner: Times Higher Education’s Widening Participation Initiative of the Year 2009 and Herald Society’s Education Initiative of the Year 2009.
http://www.gcu.ac.uk/newsevents/news/bycategory/theuniversity/1/name,6219,en.html

Winner: Times Higher Education’s Outstanding Support for Early Career Researchers of the Year 2010, GCU as a lead with Universities Scotland partners.
http://www.gcu.ac.uk/newsevents/news/bycategory/theuniversity/1/name,15691,en.html
Glasgow Caledonian University is a registered Scottish charity, number SC021474

Winner: Times Higher Education’s Widening Participation Initiative of the Year 2009 and Herald Society’s Education Initiative of the Year 2009.
http://www.gcu.ac.uk/newsevents/news/bycategory/theuniversity/1/name,6219,en.html

Winner: Times Higher Education’s Outstanding Support for Early Career Researchers of the Year 2010, GCU as a lead with Universities Scotland partners.
http://www.gcu.ac.uk/newsevents/news/bycategory/theuniversity/1/name,15691,en.html
Glasgow Caledonian University is a registered Scottish charity, number SC021474

Winner: Times Higher Education’s Widening Participation Initiative of the Year 2009 and Herald Society’s Education Initiative of the Year 2009.
http://www.gcu.ac.uk/newsevents/news/bycategory/theuniversity/1/name,6219,en.html

Winner: Times Higher Education’s Outstanding Support for Early Career Researchers of the Year 2010, GCU as a lead with Universities Scotland partners.
http://www.gcu.ac.uk/newsevents/news/bycategory/theuniversity/1/name,15691,en.html

_______________________________________________ Xerte-dev mailing list Xerte-dev at lists.nottingham.ac.uk http://lists.nottingham.ac.uk/mailman/listinfo/xerte-dev



_______________________________________________ Xerte-dev mailing list Xerte-dev at lists.nottingham.ac.uk http://lists.nottingham.ac.uk/mailman/listinfo/xerte-dev 
Glasgow Caledonian University is a registered Scottish charity, number SC021474

Winner: Times Higher Education’s Widening Participation Initiative of the Year 2009 and Herald Society’s Education Initiative of the Year 2009.
http://www.gcu.ac.uk/newsevents/news/bycategory/theuniversity/1/name,6219,en.html

Winner: Times Higher Education’s Outstanding Support for Early Career Researchers of the Year 2010, GCU as a lead with Universities Scotland partners.
http://www.gcu.ac.uk/newsevents/news/bycategory/theuniversity/1/name,15691,en.html



_______________________________________________ Xerte-dev mailing list Xerte-dev at lists.nottingham.ac.uk http://lists.nottingham.ac.uk/mailman/listinfo/xerte-dev





_______________________________________________
Xerte-dev mailing list
Xerte-dev at lists.nottingham.ac.uk
http://lists.nottingham.ac.uk/mailman/listinfo/xerte-dev 		 	   		  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nottingham.ac.uk/pipermail/xerte-dev/attachments/20130211/f7060e27/attachment-0001.html>


More information about the Xerte-dev mailing list