Some questions regarding JS extensions

Christoph
Posts: 239
Joined: Fri Jan 25, 2008 12:43 pm

Some questions regarding JS extensions

Post by Christoph »

Hey,
at first, thanks for this great reboot of MediaMonkey. Basing it largely on web technology is a very nice way to simplify addon development and get it in line with other tools based on frameworks like Electron. :) Were there any reasons to not base it on Electron?

While getting my hands dirty working on some scripts I stumbled upon the following things. Maybe there already are solutions I'm missing.

1. Is there any built-in way for escaping strings for use in a SQLite query? Methods like getTracklist() only accept a single query parameter. So if, for example, the query includes some user input, it needs to be escaped to be handled securely. Currently I'm doing the escaping on my own; however, usually database adapters provide some ways for this.
2. Are there any TypeScript definitions available or planned? This would enhance the developer experience.
3. Is there any way with QueryResults to retrieve all field names returned by the query? At the moment I explicitly pick the fields by name and map them in an object. QueryResults.fields allows accessing the values by index but also doesn't provide a way to retrieve the column names.
4. window.prompt() doesn't seem to focus the input field by default. Can this be changed?

Thanks in advance!
PetrCBR
Posts: 1722
Joined: Tue Mar 07, 2006 5:31 pm
Location: Czech
Contact:

Re: Some questions regarding JS extensions

Post by PetrCBR »

re Electron) we do not want to be dependent on any 3rd party framework
re 3) you can use QueryResults.names ... it will return string list
re 4) will check
Christoph
Posts: 239
Joined: Fri Jan 25, 2008 12:43 pm

Re: Some questions regarding JS extensions

Post by Christoph »

Thanks for the response.

Regarding 3)
Thanks. That worked:

QueryResult.names.forEach((column) => console.log(column.toString()));
Is this considered a stable public API as it isn't documented here? https://www.mediamonkey.com/webhelp/MM5 ... sults.html
drakinite
Posts: 375
Joined: Tue May 12, 2020 10:06 am
Contact:

Re: Some questions regarding JS extensions

Post by drakinite »

2) I actually did start work on a .d.ts file a while ago, which contained globally accessible methods and such. If it'd be helpful to you, like to help your IDE with auto code completion and what not, I can continue on it and we could possibly release it with the code.
Student electrical-computer engineer, web programmer, part-time MediaMonkey developer, full-time MediaMonkey enthusiast
Christoph
Posts: 239
Joined: Fri Jan 25, 2008 12:43 pm

Re: Some questions regarding JS extensions

Post by Christoph »

drakinite wrote: Sun Apr 11, 2021 2:38 pm 2) I actually did start work on a .d.ts file a while ago, which contained globally accessible methods and such. If it'd be helpful to you, like to help your IDE with auto code completion and what not, I can continue on it and we could possibly release it with the code.
Thanks for the offer. :) If there's a general demand for it and/or the definitions can be produced automatically from your dev workflow, then sure, that would be awesome. However, if it would be just for me, then maybe it's too much work?

For my simple project I created the definitions I needed but they barely scratch the surface of the whole MM5 API. So for my purposes I'm fine with creating the needed definitions as I go.

An answer to 1) would be appreciated - especially for other developers, as this would encourage safe(r) addon development. :)
drakinite
Posts: 375
Joined: Tue May 12, 2020 10:06 am
Contact:

Re: Some questions regarding JS extensions

Post by drakinite »

Yep - I'm checking with Ludek for a definitive answer on number 1, but my guess is that the answer is no. I'm not sure if there are any database calls that are done by direct input from the user.
And if the user inputs any malicious sql-escaping stuff, I could be wrong, but the worst that can happen is having their own database corrupted (which they should probably be backing up anyways, just in case).

As for MediaMonkeyServer, that is a project that needs more security in its sql statements. (I'm in the process of switching all sql queries in MMS to prepared statements; though I don't believe the MM5 db currently uses prepared statements.)
Student electrical-computer engineer, web programmer, part-time MediaMonkey developer, full-time MediaMonkey enthusiast
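
Question 1 in this thread concerns APIs that accept only a finished query string. The following is an added example, not code from any poster or from MediaMonkey, showing one way to escape values for SQLite in that situation. The helper names and the Songs/SongTitle/Artist/Rating schema are assumptions, and no MM5 API is called.

```javascript
// Added example: helper names and the table/column names are assumptions.

// SQLite string literals have one escape rule: ' is written as ''.
// Backslash is NOT an escape character there, so it passes through unchanged.
function sqlString(value) {
  const s = String(value);
  if (s.includes('\0')) {
    // SQL text is usually handed over as a C string; a NUL could truncate it.
    throw new TypeError('NUL character not allowed in SQL string literal');
  }
  return "'" + s.replace(/'/g, "''") + "'";
}

// Literal "contains" match for LIKE: neutralise the wildcards % and _ and the
// escape character itself, then declare that character with ESCAPE.
function sqlLikeContains(value) {
  const escaped = String(value).replace(/[\\%_]/g, (c) => '\\' + c);
  return sqlString('%' + escaped + '%') + " ESCAPE '\\'";
}

// Numbers are validated, never quoted: accept plain decimal integers only.
function sqlInteger(value) {
  const s = String(value);
  if (!/^-?\d+$/.test(s) || !Number.isSafeInteger(Number(s))) {
    throw new TypeError('not an integer: ' + s);
  }
  return String(Number(s));
}

// Builds the single query string that would be passed to the query method.
function buildTrackQuery(titlePart, artist, minRating) {
  return 'SELECT * FROM Songs WHERE SongTitle LIKE ' + sqlLikeContains(titlePart) +
    ' AND Artist = ' + sqlString(artist) +
    ' AND Rating >= ' + sqlInteger(minRating);
}

// Constructed sample input, as a user might type it into a search box.
console.log(buildTrackQuery('50%_off', "Guns N' Roses", 80));
```

Where a database layer offers prepared statements with bound parameters, those remain preferable to string escaping.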