Comments (6)
a2937
commented on June 14, 2024
So for the authors page project, we probably need to add a step where step 16 is currently at that deals with sanitizing the data. I think we should consider adding some innocent but demonstrative bad data into our API. Stuff like special characters before it can actually be displayed on the page. At minimum, adding some less than and greater than symbols that need encoded could help.
As for forum leaderboard project, roughly around step 11 is where we should do the same thing.
from freecodecamp.
ShaunSHamilton
commented on June 14, 2024
Because we are not exactly set up for modules, we might want to go the route of:
You could insert the data into your element by setting the
innertHTMLproperty. However, this exposes your page to _____. Instead, use theinnerTextproperty to insert the data: ....
from freecodecamp.
jdwilkin4
commented on June 14, 2024
Instead, use the innerText property to insert the data:
innerText doesn't work though
Are you suggesting to make this change?
authorContainer.innerText += `
<div id="${index}" class="user-card">
<h2 class="author-name">${author}</h2>
<img class="user-img" src="${image}" alt="${author} avatar">
<div class="purple-divider"></div>
<p class="bio">${bio.length > 50 ? bio.slice(0, 50) + '...' : bio}</p>
<a class="author-link" href="${url}" target="_blank">${author} author page</a>
</div>
`;because if so, it would produce this result
from freecodecamp.
ShaunSHamilton
commented on June 14, 2024
Are you suggesting to make this change?
No, I suggest splitting the stuff we control and the text into different parts.
I see why that might not work very easily; Previously, I had just looked at the forum leaderboard:
const showLatestPosts = (data) => {
const { topic_list, users } = data;
const { topics } = topic_list;
postsContainer.innerHTML = topics.map((item) => {
const {
id,
title,
views,
posts_count,
slug,
posters,
category_id,
bumped_at,
} = item;
return `
<tr>
<td>
<p class="post-title">${title}</p>
${forumCategory(category_id)}
</td>
<td>
<div class="avatar-container">
${avatars(posters, users)}
</div>
</td>
<td>${posts_count - 1}</td>
<td>${viewCount(views)}</td>
<td>${timeAgo(bumped_at)}</td>
</tr>`;
}).join("");
};from freecodecamp.
jdwilkin4
commented on June 14, 2024
No, I suggest splitting the stuff we control and the text into different parts.
That might work.
We technically control all of the content for the authors page project since it is just a hardcoded json file
https://github.com/freeCodeCamp/cdn/blob/main/build/curriculum/news-author-page/authors.json
from freecodecamp.
moT01
commented on June 14, 2024
It could be enough to just use textContent or innerText where we can and explain that "usually you would sanitize the data" or something. I guess wouldn't prefer that. This kinda seems like a good place to teach it.
from freecodecamp.
Related Issues (20)
- Learn Introductory JavaScript by Building a Pyramid Generator - Step 20 - instructions refer to `rows[2]` instead of `rows[rows.length - 1]` HOT 1
- hello HOT 1
- rewording suggestion for step 26 learn introductory javascript by building a pyramid generator HOT 1
- Dice Game - Step 16: regex too strict
- Allow users + tests to sign in to multiple users
- Refactor step 12 of HTML cat photo app project HOT 16
- Feedback on teaching for loops steps in JS Beta Build a Pyramid Project HOT 2
- Thanks for contribution!
- Rename currentWeapon variable to currentWeaponIndex HOT 2
- Replace `hidden-xs` class with an `isMobile` check HOT 2
- Learn Functional Programming by Building a Spreadsheet - Step 74 Accepts Regex That Don't Meet Criteria HOT 3
- JavaScript Algorithms and Data Structures (Beta) - Step 13 HOT 12
- [Certification Projects] Update the instruction to mention that the users need to manually save their code HOT 4
- Update remaining S3 links to new CDN links
- Add a new step 1 to better explain what the pyramid generator is about HOT 9
- Icon in the Help button should be hidden from screen readers
- Teach unreachable code and scope in separate lessons for pyramid project HOT 7
- remove __pyodide now that all the tests use runPython.
- Remove __locals now that all tests access variables directly
- Step 1 of RPS project allows for incorrect answers
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from freecodecamp.