nodetube
nodetube copied to clipboard
mayeaux
Replace all comments in .pug files
The // comments are used for html comments and thus spill into production code.
The javascript comments are marked by //- as per pug docs.
I don't think there are a lot of cases requiring explicit html comments in production files.
@mayeaux Just open element inspector on any page of newtube.app and I guarantee there will be a bunch of html comments in the DOM tree, a lot of them feature pug syntax and sometimes even commented js code, which may or may not be working and thus potentially can become a source of vulnerabilities.
Something along these lines: https://github.com/BassOfBass/nodetube/commit/fe3c916da066f60649cc8d709ee2c97386896848 Not doing a pull request because I am on win7 and thus can't install Redis and MongoDB clients which also means I can't run local dev server. Is there a way to start it using cloud Redis?
You should be able to install Mongo and Redis on Windows still. Otherwise if you get a redis/mongo url from Heroku for example that'd be fine too (a cloud provider of each)
So I've kinda figured the setup out and can even start in dev mode, but Redis spews Uncaught Exception: ReplyError: NOAUTH Authentication required errors. After some research I found it requires password, which isn't the part of URL.
The endpoint link from redislabs doesn't look like it has the space for password, so where does it go?
I did set it in .env.private, but it doesn't look like Redis Cloud server URL follows the format expected by createClient(), judging by the code in redis.js.
It accepts the URL, but then complains about NOAUTH during development and tests, which makes me assume the auth/password should be a part of URL somehow.
https://github.com/mayeaux/nodetube/pull/363 Pretty sure these changes don't require to pass all tests.