Brad Fitzpatrick (bradfitz) wrote in lj_dev,

S2 Updates

Objects with an as_string() method now interpolate in strings. If the object is null, it interpolates to nothing, so you can do things like: "$security_icon $subject"

Boolean context has been expanded to include everything except the void type:
-- objects are true if they're defined
-- strings are true if they're not ""
-- arrays/hashes are true if they have elements

Lots of XSS (JavaScript injection) holes fixed. S2 now supports attributes on functions. Before, "builtin" was the only attribute. Now there's also "notags" (function isn't allowed to return "<" or ">" characters) and "fixed" (function can't be overridden). A lot of things have been marked with those. If your layout no longer compiles, you'll have to make your own functions/methods and use those instead. Sorry.

Properties are escaped recursively (arrays & hashes) and untrusted assignments to properties have tags escaped. This way trusted layers can always trust the safety of properties.

Because htmlattr() is now a builtin, a lot of styles won't run anymore. They'll need to be recompiled. Sorry.

In the future, major changes like this won't happen and break things, or things will be auto-recompiled. But the S2 userbase is small enough yet that I can do big changes like this without a big problem.

A lot more data is populated now.

Jesse updated Generator's MonthPage to look nice.

If you can get JavaScript into a style, email me (brad@danga.com) directly with details (don't post to lj_dev!) and I'll give you some paid-account lovin'.

ReplyPage coming next.

Update: I'm pretty sure the errors the 3 of you reported were from between when I recompiled the system layers and restarted the webservers. Let me know if the problem persists.
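
The recursive property escaping and the "notags" attribute described in the post, modelled as an added Python example; this is not S2 or LiveJournal code. The names `Layer`, `escape_property`, `notags` and `link_title` are hypothetical, and checking "notags" at call time is an assumption about how such a rule could be enforced.

```python
# Added illustration, not S2/LiveJournal source. All names are hypothetical.
import functools

def escape_tags(text):
    """Neutralise the two characters the post singles out."""
    return text.replace("<", "&lt;").replace(">", "&gt;")

def escape_property(value):
    """Escape every string reachable through nested arrays and hashes."""
    if isinstance(value, str):
        return escape_tags(value)
    if isinstance(value, list):
        return [escape_property(v) for v in value]
    if isinstance(value, dict):
        # Assumption: hash keys can reach output too, so they are escaped as well.
        return {escape_property(k): escape_property(v) for k, v in value.items()}
    return value  # numbers, booleans and None carry no markup

class Layer:
    def __init__(self, trusted):
        self.trusted = trusted
        self.props = {}

    def set_property(self, name, value):
        # Escaping at assignment time means readers never have to re-check.
        self.props[name] = value if self.trusted else escape_property(value)

class NoTagsViolation(Exception):
    pass

def notags(func):
    """Model of a 'notags' attribute, enforced here at call time (assumption)."""
    @functools.wraps(func)
    def wrapper(*args, **kwargs):
        result = func(*args, **kwargs)
        if "<" in result or ">" in result:
            raise NoTagsViolation(func.__name__)
        return result
    return wrapper

@notags
def link_title(layer, index):
    return layer.props["links"][index]["title"]

# Constructed sample input: a nested property assigned by a layer.
SAMPLE = [{"title": "<script>x</script>", "tags": ["<b>", "plain"]}]
```

An untrusted `Layer` stores `SAMPLE` with every nested string escaped, so `link_title` passes the "notags" check; a trusted layer stores it verbatim, and the same call raises `NoTagsViolation`.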