Permalinks for code in Try Dart #15862
Comments
|
Definitely something to consider. Currently, Try Dart! works as a persistent scratch pad by saving code in localStorage. Permalinks shouldn't interfere with that, but other than that I see no real issue in supporting permalinks. |
|
Issue #16318 has been merged into this issue. |
|
A concern about security has arisen around this: with a permalink, you can execute arbitrary code in the context if try.dartlang.org. |
|
can you elaborate what the security concern is? prior art: jsbin.com jsfiddle.net By "permalink" I mean a url that I can share that links people to the snippet I just built. I assume that snippet is stored on the server. |
|
This seemed to me like a defence in depth measure, rather than a specific concern. Am I correct, is there a specific threat you're concerned about? |
|
There is no specific threat, but I'm not an expert on these issues. |
|
This comment was originally written by LukeEC...@gmail.com Ccing an expert ;) Ben - can you comment? |
|
https://codereview.chromium.org/298273002/ Added Started label. |
|
This comment was originally written by @financecoding Thoughts shared from https://plus.google.com/+PetervonderAh%C3%A9/posts/A4teh5Q4RyY I think Peter was interested in the gist idea so I'll elaborate on it. Would be nice if try dart could use jsonp to create / fetch /compile a gist. gists have a very simple rest/json api and with some standard convention try dart could look for a single file to compile. Longer term it would be neat if try dart could understand multiple files in a flat gist. possible url URL: http://permalink.try-dart-lang.appspot.com/?gist=https://gist.github.com/financeCoding/6408636 If the gist has a single dart file or main.dart file then load that file. Creating a gist for a user from trydart using jsonp might be more difficult since it would require oauth or tokened access for a user. Anonymous users can create gists https://gist.github.com/anonymous/cba6f3fccd30fc0d6915 useful links: https://developer.github.com/v3/gists/#get-a-single-gist |
|
Here is a complete example in Dart that downloads gist https://gist.github.com/anonymous/cba6f3fccd30fc0d6915. import "dart:html"; import 'dart:convert' show JSON; void main() { |
|
Here's how to create a gist: import "dart:html"; import 'dart:convert' show JSON; const String GIST_TOKEN = // Get this via https://github.com/settings/applications void main() { xhr.setRequestHeader("Authorization", "Basic " + window.btoa("$GIST_TOKEN:x-oauth-basic")); xhr.onLoad.listen((e) { |
|
Using HttpRequest.request is a bit nicer: HttpRequest.request( |
|
This comment was originally written by @yissachar http://vxhex.blogspot.ca/2012/11/weaponizing-jsfiddle-codepen-and-jsapp.html is a good read on some possible attacks that can be performed (also see part 2 and 3). |
|
This comment was originally written by @Emasoft To whoever is working on this: please add the automatic parse and import of dependencies, loading them like the SDK. For example here is a Gist I've made where I need to import the tweenengine library: https://gist.github.com/Emasoft/9098155ddef394d054ff Try Dart should parse the Gist and looking for a yaml file. Then it should import all the dependencies indicated in the yaml file. Then it should search for an HTML file and if no dart scripts are found in the HTML, then it should search the Gist directly for the Dart scripts. In the end you should be able to share a TryDart made with my Gist using this link: http://try.dartlang.org/gist/Emasoft/9098155ddef394d054ff This would make TryDart finally useful for sharing code. |
kevmoo
added
type-enhancement
I'd like to write some code in Try Dart! and then share both the code and the output with others.
I presume I need a permalink to my code so I can share that via email, social channels, etc.
The text was updated successfully, but these errors were encountered: