(G|S)etting arbitrary properties on user nodes -- is this safe?

classic Classic list List threaded Threaded
10 messages Options
Reply | Threaded
Open this post in threaded view
|

(G|S)etting arbitrary properties on user nodes -- is this safe?

DavidJCobb

Right now, on a test site I've been using to develop features in NAML, I've got an interesting little feature up and running... In the custom "user_profiles.naml" file I have, I managed to create custom profile options for users.

The method by which I do this is fairly simple -- <n.some_user_node.set_property name="about_me" value="This is a blurb!"/> -- and it seems to work just fine right now. However, this is undocumented functionality, so honestly I have no idea if it's future-compatible. Will this method remain functional and safe to use in the future?

Reply | Threaded
Open this post in threaded view
|

Re: (G|S)etting arbitrary properties on user nodes -- is this safe?

Peter <Nabble>
Yes, it should be safe.
Nabble staff. We never ask for passwords.
Reply | Threaded
Open this post in threaded view
|

Re: (G|S)etting arbitrary properties on user nodes -- is this safe?

DavidJCobb
Thank you for the quick reply.

I do have another question real quick: how would I go about applying the same HTML processing to these custom properties as that applied to posts? I.e. stripping out SCRIPT tags and the like, while permitting most HTML code? I found process_message_html and the related macros, but I can't get them to work for anything that isn't specifically a message or signature.
Reply | Threaded
Open this post in threaded view
|

Re: (G|S)etting arbitrary properties on user nodes -- is this safe?

Hugo <Nabble>
In reply to this post by DavidJCobb
DavidJCobb wrote
<p>The method by which I do this is fairly simple -- <code><n.some_user_node.set_property name="about_me" value="This is a blurb!"/></code> -- and it seems to work just fine right now. However, this is undocumented functionality, so honestly I have no idea if it's future-compatible. Will this method remain functional and safe to use in the future?</p>
If the idea is to expand the user profile, then you should use the user properties instead of the node properties. So you can call things like this:
n.page_user.has_property name="abc"
n.page_user.set_property name="abc" value="1"
n.page_user.delete_property name="abc"
n.page_user.get_property name="abc"
I know this information is not easily available on our NAML user interface, but we will keep improving it so that users can explore the binary namespaces and learn more about the available commands.
Reply | Threaded
Open this post in threaded view
|

Re: (G|S)etting arbitrary properties on user nodes -- is this safe?

Hugo <Nabble>
In reply to this post by DavidJCobb
DavidJCobb wrote
how would I go about applying the same HTML processing to these custom properties as that applied to posts? I.e. stripping out SCRIPT tags and the like, while permitting most HTML code? I found process_message_html and the related macros, but I can't get them to work for anything that isn't specifically a message or signature.
This is a very good question. I will discuss this with the Nabble team and try to find a solution. I will get back to you soon.
Reply | Threaded
Open this post in threaded view
|

Re: (G|S)etting arbitrary properties on user nodes -- is this safe?

DavidJCobb
In reply to this post by Hugo <Nabble>
Hugo <Nabble> wrote
DavidJCobb wrote
<p>The method by which I do this is fairly simple -- <code><n.some_user_node.set_property name="about_me" value="This is a blurb!"/></code> -- and it seems to work just fine right now. However, this is undocumented functionality, so honestly I have no idea if it's future-compatible. Will this method remain functional and safe to use in the future?</p>
If the idea is to expand the user profile, then you should use the user properties instead of the node properties. So you can call things like this:
n.page_user.has_property name="abc"
n.page_user.set_property name="abc" value="1"
n.page_user.delete_property name="abc"
n.page_user.get_property name="abc"
I know this information is not easily available on our NAML user interface, but we will keep improving it so that users can explore the binary namespaces and learn more about the available commands.
Ah, I actually did set it directly on the users. I just thought that users were also nodes, which is why I said "some user node". Thank you for the clarification.

Hugo <Nabble> wrote
DavidJCobb wrote
how would I go about applying the same HTML processing to these custom properties as that applied to posts? I.e. stripping out SCRIPT tags and the like, while permitting most HTML code? I found process_message_html and the related macros, but I can't get them to work for anything that isn't specifically a message or signature.
This is a very good question. I will discuss this with the Nabble team and try to find a solution. I will get back to you soon.
Thanks. You and Peter's help is very, very much appreciated. :)
Reply | Threaded
Open this post in threaded view
|

Re: (G|S)etting arbitrary properties on user nodes -- is this safe?

Hugo <Nabble>
In reply to this post by DavidJCobb
DavidJCobb wrote
how would I go about applying the same HTML processing to these custom properties as that applied to posts? I.e. stripping out SCRIPT tags and the like, while permitting most HTML code? I found process_message_html and the related macros, but I can't get them to work for anything that isn't specifically a message or signature.
We just added a new command to make this possible. The name of the command is "to_html_list" and can be used like this:
<n.to_html_list. text="[n.my_text/]">
	<n.process_message_html/>
</n.to_html_list.>
my_text is your text to be processed. Here is a sample macro with hardcoded text:
<macro name="my_text">
   aaa
   <b>bbb</b>
   ccc
   <script>var i;</script>
   ddd
   <a href="#">link</a>
</macro>
And the result is:
aaa
<b>bbb</b>
ccc
&lt;script&gt;var i;&lt;/script&gt;
ddd
<a href="#" target="_top" rel="nofollow" link="external">link</a>
Please let me know if you have questions.
Reply | Threaded
Open this post in threaded view
|

Re: (G|S)etting arbitrary properties on user nodes -- is this safe?

DavidJCobb
This is perfect! Thanks for the addition. :D
Reply | Threaded
Open this post in threaded view
|

Re: (G|S)etting arbitrary properties on user nodes -- is this safe?

Der Flatulator6
DavidJCobb wrote
This is perfect! Thanks for the addition. :D
I'd like to send my thanks as well. The work you've put into NAML, and the support like this is thoroughly appreciated.  Just take a look at testing perfection, and you'll see your time and effort has not gone to waste. Cobb's added awesome features across the forum, including a Quick Reply, "Quick Edit", and customizable User "About Me" pages.
http://derflatulator.com/
Reply | Threaded
Open this post in threaded view
|

Re: (G|S)etting arbitrary properties on user nodes -- is this safe?

Hugo <Nabble>
Thanks. It indeed looks amazing.
That's only the beginning of NAML and the potential is huge. We are still working on the UI and also trying to reach perfection on our side :-)