I use 3 tabs… 
I use 8½ spaces.
My life is so much less complicated now. Thanks for that advice.
That’s the only thing I don’t like Ruby Console+. It doesn’t handle the half spaces right. 
1 Like
I’ve been using eval as a generic callback for HTMLDialogs enabling me to call ruby methods directly from JavaScript.
window.location = 'skp:do_action@update_settings';
Any reason not to do this? Obviously it’s not a security risk in the case of SketchUp since the ruby console is available for anyone to use.
If you get the web content from the internet this could be used for code injection if someone get access to the website/domain it uses.
It could also lead to the code doing the same job being spread out over many different files including the JS file, rather than just passing minimal information and have as much of the logic on one place as possible.
Good point. I’m using it for UI only so no change of malicious injection from the web. I mostly used it to request data when the document has loaded, and also in button events. It cuts down on the amount of call backs that are needed.
I suppose an alternative would be to create a method to select the action. The JS could stay the same.
@settings_dlg.add_action_callback('do_action') { |_dialog, action| do_action(action) }
def do_action(action)
case action
when 'update_settings'
update_settings
when 'export_settings'
export_settings
else
#This is a malicious attack! Yell bloody murder!
end
The skp protocol is undocumented for the HtmlDialog class.
You should be using the sketchup object. IE …
sketchup.do_action("action");
The docs specifically say …
Use the
sketchup.callback_method_nameto invoke the callback method from your html dialog.
And why is this in the Rubocop topic ?
2 Likes
I never noticed when I switched from WebDialog. It looks like a much cleaner way. Thanks for bringing that to my attention.
Just checking if eval is evil in the SketchUp Ruby context.
todo.push(eval == evil ? 'remove eval from code' : 'add ignore to Rubocop')
Well there are some perfectly fine “eval” methods like instance_eval, class_eval, and module_eval.
But the concept of “eval is evil” could likely have it’s own topic.
Does Rubocop have a config switch to ignore use of eval() ?
1 Like
Yes. Rubocop uses a .rubocop.yml file for changing preferences.
https://docs.rubocop.org/rubocop/cops_security.html#securityeval
Security/Eval:
Enabled: false
Or you can disable the check for a single file.
Security/Eval:
Exclude:
- 'RBScripts/Building_Creator/lib/Settings.rb'
According to the docs
This cop checks for the use of
Kernel#evalandBinding#eval.
1 Like
I just found out I can disable the cop in the file directly.
# rubocop:disable Naming/MethodName
class SelObserver < Sketchup::SelectionObserver
def onSelectionBulkChange(_selection)
BC.update_spec_editor
end
def onSelectionCleared(_selection)
BC.show_building_specs
end
end
# rubocop:enable Naming/MethodName
1 Like