OK, so the cljsjs package is an externs-only thing, so I am supposed to go ahead and load it directly in the page.

But the piiData is missing from the stripe.ext.js file.

I’ll move to the String properties in your second link. Thanks, @darwin you saved me hours.

Is there a way to dead code eliminate statements like this (when js/goog.DEBUG (log “debugging log call”)) if you have {:closure-defines {"goog.DEBUG" false} set? Because I’m seeing the compiled code turn into u(!1)&&Xn("debugging log call”) which seems kinda silly as it means false && log(”debugging log call”) so it can never be called. Shouldn’t this be eliminated?

@seantempesta relevant: https://github.com/clojure/clojurescript/wiki/Compiler-Options#closure-defines

it says that you should be using "if or cond in combination with an identical? comparison"

@seantempesta check what happens if you use ^:boolean in front of js/goog.DEBUG

that should give enough hints for the compiler to optimise it away

https://github.com/binaryage/dirac <-- is this for real? How did I not know about a cljs repl integrated into the browser as a plugin? What are the security implications of this? (If I'm using two machines on an untrusted network).

Same security implications as using javascript from the console I guess 🙂

I may be paranoid, but this is what scares me: A (running lein + figwheel) and B (running chrome) are on an untrusted network if B can get a cljs repl [which typically is evalled on the server] in the browser -- that means other parties on the network can get a cljs repl doesn't this give them access on machineA ?

@hwk to some extent yes

although the cljs compiler never evals anything, so there are only a limited amount of ways this can affect you

but it could certainly screw up your figwheel instance

bind figwheel to localhost to be safe 😉

@thheller dirac repl does not use bootstrapped, it sends code snippets to a (local) nREPL server for compilation, so potential attacker who would get access to the REPL prompt could do anything with your machine (via cljs macros for example)

@hwk: intended setup is to run everything from a single machine and by default it binds all network services to localhost, but I’m not a security expert to tell you that this is safe

@thheller "but it could certainly screw up your figwheel instance”, can you elaborate please?

@seantempesta @danielcompton is correct, you have to do (if ^boolean js/goog.DEBUG (your-code)), I’ve encountered this problem myself here: https://github.com/binaryage/cljs-devtools/releases/tag/v0.5.3

because of this incident I tend to avoid closure defines and simply use macros instead, macros can be trusted 🙂

Thanks @darwin and @danielcompton

btw. here is a related patch which fixes cljs compiler in this regard, but it is not clear if it does not have any unintended consequences: http://dev.clojure.org/jira/browse/CLJS-1615

@darwin well someone could send stuff to the figwheel REPL

which then gets eval'd in your browser

don't think one could do actual harm with that but still

devtools should not be publicly accessible 😉

I don’t follow, if someone could send stuff to the figwheel REPL => they gained full control over your machine

so you have much bigger problem at hand, than messed up figwheel instance

I didn't audit figwheel, so I cannot say if they gain full control

I'd say it is unlikely

but they certainly can mess with anyone connected to the REPL

Figwheel uses cljs compiler to compile the code and compiler will drop to clojure for macro expansion, macros can do any JVM stuff, e.g access filesystem

yes but you can't create macros via figwheel repl

so if you don't have a "bad" macro there is no way to exploit it

ok, I take that point

as long as there is no eval involved you are pretty safe

and there usually isn't

Hi all (cross post from the reagent group: https://groups.google.com/d/msg/reagent-project/iSxt-KVou98/x9yl4T1OBQAJ) In brief, my understanding is that I should never see the “SAME!” console.log in the following code in 0.6.0:

(def active-stage-headers (ratom/reaction .....)
 
(defonce old-stage-header-ids (atom [])) ;; - a "normal" atom, not a reagent.ratom/atom
(def active-stage-header-ids
  (ratom/reaction
   (let [result (mapv (comp :id :patient) @active-stage-headers)]
     (if (= @old-stage-header-ids result)
       (js/console.log "recalculating stage-header-ids SAME!")
       (js/console.log "recalculating stage-header-ids DIFFERENT!"))
     (reset! old-stage-header-ids result)
     result)))

@mfikes just had my first self-hosted-test.check failure; I was about to push to master and then decided I should run those tests :)

FYI raised an issue against reagent: https://github.com/reagent-project/reagent/issues/277

@gfredericks I’ll take a look.

Or, is it something that only occurs for a change you have locally?

@mfikes: oh I didn't mean it was an active problem, just wanted to point out that you have successfully guarded against regressions. it was a use of a namespaced keyword that accidentally got $macros or whatever appended to it

@gfredericks Ahh cool. If I can help sort out a solution, let me know. 🙂 This might be relevant: https://github.com/clojure/clojurescript/commit/7e90ad51452ec5edd8ee7f2b7af9c7e7fb759c97

@mfikes I just spelt the keyword out instead of using ::foo, and that worked

@darwin Is the nrepl connection to dirac in cursive a full functional cljs repl? I get errors like CompilerException java.lang.RuntimeException: Unable to resolve symbol: get in this context, compiling:

@gfredericks Yeah, you need to do that with versions of ClojureScript prior to the linked patch. From the ticket description: "a keyword like ::bar would turn in to :foo.core$macros/bar."

@gfredericks Your “spelled out” workaround should continue to work with newer versions of ClojureScript.

@mfikes is it fixed in the latest release?

@danielgrosse sorry, I don’t really know what do you mean by "nrepl connection to dirac in cursive”, if you mean “joined dirac session from Cursive REPL” as described here[1], then yes, anything you type/send into Cursive REPL, will act as if it was written into Dirac REPL directly: [1] https://github.com/binaryage/dirac/blob/master/docs/integration.md

@gfredericks Yes. That fix should work so long as test.check requires ClojureScript 1.9.293 or later. (I think I’ll write a blog post about this for people who are a little more interested in the details.)

Oh I'll just do that then

@mfikes thanks!

@gfredericks No problem. My guess is that some of the newer test.check stuff will have an extra interest for people for Spec, and thus requiring a newer ClojureScript release isn’t a bad idea (as newer ClojureScript releases have been tracking Spec in the Clojure alphas / betas.)

@mfikes I'm assuming the recency requirement only extends to people using self-hosted, which is already a fringey thing to do?

@gfredericks Yes. So, if you want to keep test.check more broadly usable (working with older ClojureScript) I’d just put in the spelled-out keyword. It doesn’t make a whole lot of sense to have self-hosted heavily influence a dep like that.

@mfikes I'm thinking this change wouldn't preclude using older nonselfhosted cljs

It would have the correct keyword either way

@gfredericks Right, with older non-self-hosted everything is cool either way.

okay, so I'm going to assume there isn't anybody using self-hosted cljs for whom upgrading is difficult, in which case everything's fine

@gfredericks IIRC test.check is set up so that it can depend on older ClojureScript in general, but perhaps a newer version just for self-hosted purposes. So, you could even write the keyword as ::foo but require 1.9.293 only here https://github.com/clojure/test.check/blob/master/project.clj#L13

@gfredericks It looks like 1.9.293 is being required as the main dep, so setting it in that other spot as well would do it. (Or that bit could actually be removed.) Hah.

Yeah changing that line is what I was going to do

Does cljs-ajax url-encode query parameters?

hmm: https://github.com/JulianBirch/cljs-ajax/issues/154

@thheller , @darwin: thanks for the clarifications; I think the problem was that I confused "clojure repl" with "cljs repl" and did not realize that the "cljs repl" is much much weaker than "clojure repl", and thus not a security to the machine running "lein figwheel"

@hwk still probably not a good idea to have it on a completely untrusted network 😛

@thheller : yeah, repls are making me very paranoid about security

@knaman I recommend #re-frame for that question! :)

@curlyfry ok, cool

@knaman if i'm not mistaken, reaction is in the reagent.core namespace

@johanatan ok, y would the value not refresh in tabs-panel function is i cant figure out?

Is it expected that :foo/bar/baz is valid in clj but throws a reader exception in cljs?

@jfntn it isn’t valid in clj

Really? It works in the latest alpha

“works"

http://clojure.org/reference/reader

this is authoritative

(though ambiguous in some unfortunate cases) you’ll see that lots of cases are defined here that the reader will accept

and not throw on

right, the docs do say “once"

there you go

I’ve seen a mozilla project using clojurescript, datomish

https://github.com/mozilla/datomish

I really find it cool !

I have a little pretty strange problems with cljs compiler: I compile the same code in 3 different environments and the result file is different (and the real problem that one of the 3 versions just crashes with an error of something is undefined). two of 3 enviroments have identical jdk version, identical lein version identical dependencies and executes identical build script, in summary, the exactly same cloned respository...) the difference between them is that one is a virtual machine in a server and other is a docker in my laptop

After some time researching I don't know how approach this situation, my temporal workaround is switch to :simple optimizations that works as expected... but generates 4.5 MB js file (in comparison to 1.8MB with advanced...)

what library / function should I be using to do an AJAX Get in CLJS land? I'm using lein, figheel, devcards, reagent, re-frame, re-com

cljs-http or cljs-ajax are popular choices

@danielstockton: thanks

@hwk if you are using re-frame then perhaps https://github.com/Day8/re-frame-http-fx

@mikethompson : I just remembered. https://github.com/Day8/re-frame/blob/master/docs/EffectfulHandlers.md#90--solution actually demoted using GET. For some stupid reason I completely forgot that.

what namespace does clojure.edn map to in cljs? It seems like my lein figwheel can find neither clojure.edn NOR cljs.edn

@hwk cljs.reader/read-string

@thheller: does this only appear weird to me (i.e. not cljs.edn), or is there a valid reason for cljs.reader ?

it is just an edn reader and it is just a name so it really doesn't matter