[Xerte-dev] Re: Avoiding eval()

Smith, John J.J.Smith at gcu.ac.uk
Mon Feb 11 12:23:53 GMT 2013


In a lot of use cases it is EVIL().... I've seen lots of really bad examples...

Sometimes though it saves hundreds of lines of code and if you are not eval-ing some unknown then why not... it's just another tool in the box, only dangerous if you don't know the risks...

Regards,

John Smith
Learning Technologist
School of Health & Life Sciences
Glasgow Caledonian University

From: xerte-dev-bounces at lists.nottingham.ac.uk [mailto:xerte-dev-bounces at lists.nottingham.ac.uk] On Behalf Of Dave Burnett
Sent: Monday, February 11, 2013 12:12 PM
To: xerte-dev at lists.nottingham.ac.uk
Subject: [Xerte-dev] Re: Avoiding eval()

John, we're damaged.
Eval = Evil
Julian and I cut our teeth on this type of discussion:



The friendly challenge was directed to those who, in the past, have said
things like: "Eval is evil" and "The first thing I do when I work on
someone else's code is go through it and remove ALL the Evals." The
friendly challenge was for someone to come up with a better GENERIC,
REUSABLE, DYNAMIC, CUSTOM LIST FUNCTION THAT WOULD WORK FOR ANY COMPATIBLE
LIST STRUCTURE, AND THAT DID NOT USE EVAL!!!!!!!!!!!!!


Authorware listserv circa 2002
It was a long rant ending with the lister's resignation from the list.
;-)



________________________________
From: J.J.Smith at gcu.ac.uk<mailto:J.J.Smith at gcu.ac.uk>
To: xerte-dev at lists.nottingham.ac.uk<mailto:xerte-dev at lists.nottingham.ac.uk>
Date: Mon, 11 Feb 2013 11:49:07 +0000
Subject: [Xerte-dev] Re: Avoiding eval()
We use eval several times in the xenith code. If you know the source of what you are eval()ing then I don't think it's 'BAD'...

Since FileLocation needs to be set in order for eval to work then you can do something with string parsing like

var path = FileLocation + $(data).find('learningObject').attr('header').split("'")[1]

Regards,

John Smith
Learning Technologist
School of Health & Life Sciences
Glasgow Caledonian University

From: xerte-dev-bounces at lists.nottingham.ac.uk<mailto:xerte-dev-bounces at lists.nottingham.ac.uk> [mailto:xerte-dev-bounces at lists.nottingham.ac.uk] On Behalf Of Julian Tenney
Sent: Monday, February 11, 2013 11:09 AM
To: For Xerte technical developers
Subject: [Xerte-dev] Avoiding eval()

Can you avoid eval? In the case of file paths, the only thing I can think to do is to use eval(), and I know that's not the 'right' thing to do?

//get the file path from the string "FileLocation + 'media/header.png'"
var path = eval( $(data).find('learningObject').attr('header') );

From: xerte-dev-bounces at lists.nottingham.ac.uk<mailto:xerte-dev-bounces at lists.nottingham.ac.uk> [mailto:xerte-dev-bounces at lists.nottingham.ac.uk] On Behalf Of Smith, John
Sent: 11 February 2013 10:41
To: For Xerte technical developers
Subject: [Xerte-dev] Re: Modular Play and New Templates

Yeah I couldn't get any of the methods of jQuery parsing to work with that model in IE with that shape data. Not sure if it breaks some rule or something by having a reserved word etc but I know one of the JSON objects received from an external for one of the models (flickr or delicious or something) uses a reserved word that IE bokes on....

Regards,

John Smith
Learning Technologist
School of Health & Life Sciences
Glasgow Caledonian University

From: xerte-dev-bounces at lists.nottingham.ac.uk<mailto:xerte-dev-bounces at lists.nottingham.ac.uk> [mailto:xerte-dev-bounces at lists.nottingham.ac.uk] On Behalf Of Julian Tenney
Sent: Monday, February 11, 2013 10:26 AM
To: For Xerte technical developers
Subject: [Xerte-dev] Re: Modular Play and New Templates

                                if (typeof data == 'string'){
                                                //have to mangel the data for IE, not sure if this works??
                                                data = $.parseXML(data);
                                }

Seems to have done the trick.

From: xerte-dev-bounces at lists.nottingham.ac.uk<mailto:xerte-dev-bounces at lists.nottingham.ac.uk> [mailto:xerte-dev-bounces at lists.nottingham.ac.uk] On Behalf Of Smith, John
Sent: 11 February 2013 10:23
To: For Xerte technical developers
Subject: [Xerte-dev] Re: Modular Play and New Templates

Hi Julian

Check lines 560-568 of the textDrawing.html model as I had to do similar to play nicely in IE. jQuery will quite happily turn text to XML for other browsers though...

                                var xml;
                                if (jQuery.browser.msie) { // Had to add this in to get IE to parse <shapes> correctly
                                        var xmlDoc = new ActiveXObject("Microsoft.XMLDOM");
                                        xmlDoc.loadXML($(x_currentPageXML).text());
                                        xml = xmlDoc;
                                }
                                else {
                                        xml = $($(x_currentPageXML).text());
                                }

Regards,

John Smith
Learning Technologist
School of Health & Life Sciences
Glasgow Caledonian University

From: xerte-dev-bounces at lists.nottingham.ac.uk<mailto:xerte-dev-bounces at lists.nottingham.ac.uk> [mailto:xerte-dev-bounces at lists.nottingham.ac.uk] On Behalf Of Julian Tenney
Sent: Monday, February 11, 2013 9:35 AM
To: For Xerte technical developers
Subject: [Xerte-dev] Re: Modular Play and New Templates

There's some funky stuff with IE and ajax in jQuery when you set the dataType to 'xml'. I did have it set to 'text', it's a known thing and I'll figure it out.

From: xerte-dev-bounces at lists.nottingham.ac.uk<mailto:xerte-dev-bounces at lists.nottingham.ac.uk> [mailto:xerte-dev-bounces at lists.nottingham.ac.uk] On Behalf Of Ron Mitchell
Sent: 08 February 2013 16:14
To: 'For Xerte technical developers'
Subject: [Xerte-dev] Re: Modular Play and New Templates

Hi Julian
I updated a test install but then re-installed over the top so that your template installed in the database so at some point the relevant sql will need to be added to upgrade.php but I'm sure you're aware of that.

On this test install when viewing properties of either a bootstrap project or an xot project only the flash play.php shows now in the properties window.

play_bootstrap.php doesn't seem to play very nicely in IE whereas I'm sure http://www.nottingham.ac.uk/~cczjrt/boostrapLO did but that's now showing as forbidden. play_bootstrap.php plays ok in Chrome.

HTH
Ron

From: xerte-dev-bounces at lists.nottingham.ac.uk<mailto:xerte-dev-bounces at lists.nottingham.ac.uk> [mailto:xerte-dev-bounces at lists.nottingham.ac.uk] On Behalf Of Julian Tenney
Sent: 08 February 2013 11:48
To: For Xerte technical developers
Subject: [Xerte-dev] Re: Modular Play and New Templates

I got it working, you can check it out and do an xampp install for a quick preview of what's there so far.

Few observations on hooking it up:

- Ages ago, Pat, we talked about firing the data at an ad-hoc page - there is code in the wizard that posts it to wizard.runtime if set, so we did do it. Before I realised this, I set a property called runtime and used it to point the preview to preview_bootstrap.php. I can't remember if anyone is actually using .runtime to use a different playout or not (I have vague memories of GEM doing this for their PBL stuff?). I could have just posted the data to a page, but then you lose all the security stuff.

- There is much the same code in the various play_, play_html5, play_bootstrap files that we ought to tidy up at some point.

- I've put my own set of .js libraries etc in the /common folder, so that duplicates some things like jQuery, so it would be better to load common libraries from a central place.

- I have no idea how hard it is to get appropriate urls showing in the properties tab for the play_, export, etc and have all that working when the template isn't Nottingham.

- Otherwise it's pretty straightforward to add new tools, especially if you can work with the xwd /  wizard for an editor, and jQuery makes it really easy to pick up the xml and drive the content. Once this penny drops I can see other people wanting to build their own templates and add them in, so it would be worth smoothing out some time. I can do that probably, but I'm not so sure what needs to be in place to make the properties panel more flexible?

Cheers,

From: xerte-dev-bounces at lists.nottingham.ac.uk<mailto:xerte-dev-bounces at lists.nottingham.ac.uk> [mailto:xerte-dev-bounces at lists.nottingham.ac.uk] On Behalf Of Pat @ Pgogy
Sent: 08 February 2013 09:15
To: For Xerte technical developers
Subject: [Xerte-dev] Re: Modular Play and New Templates

Preview and play differ in terms of logged in access and password protection - but the display code should be in a library function.

Agree your code base should be shared - wondering if modules could share that. In theory you could add a play parameter to the info file and then probably share the rest of the code?

That might work better?

Pgogy Webstuff - http://www.pgogywebstuff.com
Makers of web things of a fair to middling quality

On 8 Feb 2013, at 09:04, Julian Tenney <Julian.Tenney at nottingham.ac.uk<mailto:Julian.Tenney at nottingham.ac.uk>> wrote:
Well, it's more that we have the same code in several places, and things like being able to get the runtime url in the wizard. I added a property to the wizard 'runtime' to point to my booststrap.php page.

A related question: is there anything different between preview and play, or could I just use the same file for both?

From: xerte-dev-bounces at lists.nottingham.ac.uk<mailto:xerte-dev-bounces at lists.nottingham.ac.uk> [mailto:xerte-dev-bounces at lists.nottingham.ac.uk] On Behalf Of Pat @ Pgogy
Sent: 07 February 2013 17:51
To: For Xerte technical developers
Subject: [Xerte-dev] Re: Modular Play and New Templates

I would assume we accordion the templates list?

Pgogy Webstuff - http://www.pgogywebstuff.com
Makers of web things of a fair to middling quality

On 7 Feb 2013, at 16:12, Julian Tenney <Julian.Tenney at nottingham.ac.uk<mailto:Julian.Tenney at nottingham.ac.uk>> wrote:
Yeah, that's pretty much what I'm doing. It will work and that's fine, just wondering about the situation where there loads of these things...

From: xerte-dev-bounces at lists.nottingham.ac.uk<mailto:xerte-dev-bounces at lists.nottingham.ac.uk> [mailto:xerte-dev-bounces at lists.nottingham.ac.uk] On Behalf Of Pat @ Pgogy
Sent: 07 February 2013 15:47
To: For Xerte technical developers
Subject: [Xerte-dev] Re: Modular Play and New Templates

Duplicate the modules xerte folder into modules new template name

Keep the edit php file as it is still xerte

Mangle play and preview to present the HTML

Pgogy Webstuff - http://www.pgogywebstuff.com
Makers of web things of a fair to middling quality

On 7 Feb 2013, at 09:46, Julian Tenney <Julian.Tenney at nottingham.ac.uk<mailto:Julian.Tenney at nottingham.ac.uk>> wrote:
Question for Pat I think:

With the html5 playout, Fay has added play_html5.php that does the work, that's all fine. I've got a new template I'd like to build in that produces this stuff:
http://www.nottingham.ac.uk/~cczjrt/boostrapLO. The editor is a standard xerte wizard / xwd thing, but it uses its own html page to parse the xml and create the content.

So I could add another html page to the folder and repeat what Fay has done for html5, but that seems a bit messy to sustain if, one day, we have loads of runtimes doing different things, I wondered if your modular stuff handled this in a more graceful way?

There's another difference here: Fay's html5 code plays existing content - so you have two alternative urls for the same piece, ultimately we'll switch toolkits to use the html5 one as the default, and the old one will remain as a legacy. In my case, it doesn't work like that, these projects will always only use their html page: so that needs to be the url to display in properties for the project, and I guess that's what needs to export as well.

What do you think is the best thing to do?

Julian

_______________________________________________
Xerte-dev mailing list
Xerte-dev at lists.nottingham.ac.uk<mailto:Xerte-dev at lists.nottingham.ac.uk>
http://lists.nottingham.ac.uk/mailman/listinfo/xerte-dev
_______________________________________________
Xerte-dev mailing list
Xerte-dev at lists.nottingham.ac.uk<mailto:Xerte-dev at lists.nottingham.ac.uk>
http://lists.nottingham.ac.uk/mailman/listinfo/xerte-dev
_______________________________________________
Xerte-dev mailing list
Xerte-dev at lists.nottingham.ac.uk<mailto:Xerte-dev at lists.nottingham.ac.uk>
http://lists.nottingham.ac.uk/mailman/listinfo/xerte-dev

Glasgow Caledonian University is a registered Scottish charity, number SC021474

Winner: Times Higher Education's Widening Participation Initiative of the Year 2009 and Herald Society's Education Initiative of the Year 2009.
http://www.gcu.ac.uk/newsevents/news/bycategory/theuniversity/1/name,6219,en.html<http://www.gcu.ac.uk/newsevents/news/bycategory/theuniversity/1/name%2c6219%2cen.html>

Winner: Times Higher Education's Outstanding Support for Early Career Researchers of the Year 2010, GCU as a lead with Universities Scotland partners.
http://www.gcu.ac.uk/newsevents/news/bycategory/theuniversity/1/name,15691,en.html<http://www.gcu.ac.uk/newsevents/news/bycategory/theuniversity/1/name%2c15691%2cen.html>

Glasgow Caledonian University is a registered Scottish charity, number SC021474

Winner: Times Higher Education's Widening Participation Initiative of the Year 2009 and Herald Society's Education Initiative of the Year 2009.
http://www.gcu.ac.uk/newsevents/news/bycategory/theuniversity/1/name,6219,en.html<http://www.gcu.ac.uk/newsevents/news/bycategory/theuniversity/1/name%2c6219%2cen.html>

Winner: Times Higher Education's Outstanding Support for Early Career Researchers of the Year 2010, GCU as a lead with Universities Scotland partners.
http://www.gcu.ac.uk/newsevents/news/bycategory/theuniversity/1/name,15691,en.html<http://www.gcu.ac.uk/newsevents/news/bycategory/theuniversity/1/name%2c15691%2cen.html>

Glasgow Caledonian University is a registered Scottish charity, number SC021474

Winner: Times Higher Education's Widening Participation Initiative of the Year 2009 and Herald Society's Education Initiative of the Year 2009.
http://www.gcu.ac.uk/newsevents/news/bycategory/theuniversity/1/name,6219,en.html

Winner: Times Higher Education's Outstanding Support for Early Career Researchers of the Year 2010, GCU as a lead with Universities Scotland partners.
http://www.gcu.ac.uk/newsevents/news/bycategory/theuniversity/1/name,15691,en.html

_______________________________________________ Xerte-dev mailing list Xerte-dev at lists.nottingham.ac.uk<mailto:Xerte-dev at lists.nottingham.ac.uk> http://lists.nottingham.ac.uk/mailman/listinfo/xerte-dev



Glasgow Caledonian University is a registered Scottish charity, number SC021474

Winner: Times Higher Education's Widening Participation Initiative of the Year 2009 and Herald Society's Education Initiative of the Year 2009.
http://www.gcu.ac.uk/newsevents/news/bycategory/theuniversity/1/name,6219,en.html

Winner: Times Higher Education's Outstanding Support for Early Career Researchers of the Year 2010, GCU as a lead with Universities Scotland partners.
http://www.gcu.ac.uk/newsevents/news/bycategory/theuniversity/1/name,15691,en.html
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nottingham.ac.uk/pipermail/xerte-dev/attachments/20130211/7666b350/attachment-0001.html>


More information about the Xerte-dev mailing list