Testing slib ‘scriptify’ and friends

I’ve written a few little functions to help me sanitise content before including it in automatically generated JavaScript. The idea is to prevent code injection.

You can see the tests for my function in the scriptify_test.php file on ProgClub Member Net (where jsphp.co is hosted). You can view the scriptify unit tests in pcrepo.

Unit testing is fun! :)

Regular Expressions (Perl-Compatible)

I found the documentation for regular expressions at php.net.

I read somewhere on the internet to use the pattern modifiers “msU” to match multiline content, but while I understand the ‘m’ and the ‘s’ I don’t understand the ‘U’ very well. I’m not sure what it means to be greedy or ungreedy exactly. But I’ve been using msU pattern modifiers in my regexps that parse the phpjs.org content for import into jsphp.co.

Cross-site scripting and HTML injection

Been reading about cross-site scripting today on Wikipedia just to see if there was anything I didn’t already know. I’m in the process of code reviewing the entire Pcphpjs code base to remove all the XSS vulnerabilities that I left latent while hacking it together and learning the CodeIgniter and Doctrine frameworks. Now things are relatively stable, so I’m going to go over the whole thing and refactor it with a view to code reviewing data handling for HTML injection while I’m at it.

JavaScript base64_encode

This is where all the trouble began. Back on July 19th this year I commented on the base64_encode function over at phpjs.org letting them know about a bug in their function whereby they were encoding as UTF-8 (whatever that means) prior to doing the Base64 encoding, which is a bug. Anyway, I had to patch the code myself for its use in pccipher and after several months no-one at phpjs has fixed up the implementation. So, that makes me mad, and when I’m mad, I fork!

I forked ProgSoc into ProgClub, and now I’m forking phpjs.org into jsphp.co. Both times it was because there was something going on that gave me the shits and I felt as if I could do a better job. So far I’m really pleased with my results. One great thing about forking is that it encourages the other party to lift their game. I wouldn’t be surprised to see phpjs.org improve its features after they see what I’ve done with jsphp.co.

Update: I ended up fixing that base64_encode function. My notes are in the comments.
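The difference between byte-for-byte Base64 and Base64 applied after a UTF-8 step, as an added example (not the phpjs.org or jsphp.co code). It assumes the input is a binary string with one character per byte, the way a JavaScript port has to model PHP's byte strings; the function names and the sample value are hypothetical.

```javascript
// Added example: binary-safe Base64 versus Base64 after a UTF-8 step.
// Assumption: input is a "binary string", one character per byte (0x00-0xFF).
const ALPHABET =
  'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';

// Convert a binary string to bytes, refusing anything that is not a byte.
function binaryStringToBytes(str) {
  const bytes = [];
  for (let i = 0; i < str.length; i++) {
    const code = str.charCodeAt(i);
    if (code > 0xff) {
      throw new RangeError('not a binary string: char ' + i + ' is U+' + code.toString(16));
    }
    bytes.push(code);
  }
  return bytes;
}

// RFC 4648 Base64 over an array of byte values.
function base64FromBytes(bytes) {
  let out = '';
  for (let i = 0; i < bytes.length; i += 3) {
    const b0 = bytes[i];
    const b1 = bytes[i + 1];
    const b2 = bytes[i + 2];
    const n = (b0 << 16) | ((b1 || 0) << 8) | (b2 || 0);
    out += ALPHABET[(n >> 18) & 63] + ALPHABET[(n >> 12) & 63];
    out += i + 1 < bytes.length ? ALPHABET[(n >> 6) & 63] : '=';
    out += i + 2 < bytes.length ? ALPHABET[n & 63] : '=';
  }
  return out;
}

// Byte-for-byte encoding: what a PHP-compatible base64_encode must produce.
function base64EncodeBinary(str) {
  return base64FromBytes(binaryStringToBytes(str));
}

// UTF-8 encode first, then Base64: every byte >= 0x80 becomes two bytes,
// so decoding the result no longer yields the original bytes.
function base64EncodeUtf8First(str) {
  return base64FromBytes(Array.from(new TextEncoder().encode(str)));
}

// Constructed sample: two high bytes, as cipher output routinely contains.
const sample = '\xff\xfe';
console.log(base64EncodeBinary(sample), base64EncodeUtf8First(sample));
```

ASCII-only input encodes identically both ways, which is why a unit test built on plain text does not catch the difference; a test vector needs at least one byte at or above 0x80.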