Thanks a lot @mishav for this. It really addresses my pains with writing mathematical expressions with parenthesis . Prior to this i was using math.js plugin which for some reason i found to be a bit slow to call even for very simple expressions.
This is great, especially enjoying the Javascript To Bubble, lots of potential here. Any chance of getting a âBubble To Javscriptâ tool so that we can create JS events?
These are great @mishav!
Curious about the Expression one and the checkbox / concern about executable code. Does this mean we should not allow users to use Inputs to set values used in the expression? (even if inputs only allow numbers?)
Or do you know of a work around for dynamic numbers to be used in the expression.
Its really a reminder to be aware of a possible attack window. What we want to prevent is a user inputting javascript to run on other peopleâs browsers (they can do what they like to their own browser). So this is only a concern if evaluating text fields retrieved from the database or an API that contain user input that hasnât been âsanitisedâ.
How to clean text data of executable code? A simple solution is to use two :find & replace: replace \ with \\, then replace " with \", then the text can be put within double quotes and be treated as text only in the evaluation, with the escape codes inside them being escaped. : )
An example:
I didnât want to invent an obscure expression syntax, so I use javascript for the expression evaluation. So it has pretty much the same security holes as the HTML element does.
Numbers, dates, etc. arenât executable code on their own, so no problem there. Just need to be careful with text from an untrusted source.
I am trying to pull a hex color code from a color picker element and save it as a database text thing using JavaScripttoBubble. I found this Examples - jscolor: JavaScript Color picker
In the examples it reckons this should work:
The color selector itself works but no data is being sent to bubble_fn_1 like in your example. This function does work if I replace (jscolor) with (âtest textâ), but I can not seem to figure out how to properly retrieve the hex code and use that text in Bubble.
I am trying to update a database variable based on this changing hex code. Essentially removing a manual step for the user â instead of forcing them to click on a button that saves the hex code, this would be saved dynamically whenever a new color is selected. Thoughts?