[Opa] after a long day of hacking...

Alok Menghrajani alok at fb.com
Thu Nov 3 22:43:22 EDT 2011 

Hi,

I'm just done writing my first useful piece of code. Here are a few
thoughts I wanted to share with the mailing list:

First of all, writing in opa was super quick and fun! I don't think I
could have written things as quickly in any other framework.

Here are a few things I think can be improved:

1. Db.fresh_key should return a random int (or have a parameters which
controls the sequence type). I believe there's more value in making sure a
web app cannot be crawled vs having consecutive ids?

2. I found it hard to redirect the client to "/foo". At first, I wrote:

   Client.go(Uri.of_absolute({Uri.default_absolute with
     path = ["foo"]
   }))

   But I found it too verbose, so I wrote:
 
   Client.go({path=["foo"] fragment={none} query=[] is_directory=false
is_from_root=true})

   Is there a nicer way to write this? Something like
Uri.of_relative("/foo")?

3. I noticed every page has the following tag:
   <link rel="icon" type="image/gif" href="/favicon.gif/>

   This threw me off for two reasons:
   * the "Simple, Secure, Scalable Web Development with Opa" guide gives
favicon.ico as an example, but the browser is going to hit favicon.gif.
   * if a browser doesn't know about rel="icon", it's going to hit
favicon.ico, right? Or we don't care about yesterday's browsers?
   * has anyone thought about the pros and cons of ico vs png vs gif (for
favicons)?

4. I think the framework should always emit the X-Frame-Options: DENY
header. This way, the developer does not need to care about click jacking
attacks.

5. Opa does not support the "paste" event. The docs don't mention it, but
the github code has a reference to it (in stdlib/core/web/core/event.opa).
However, opa does not expose information about the paste event (I.e.
clipboardData is not exposed). I feel two things will occur:
   A) opa does not support a given js feature because it is new
   B) opa does not support a given js feature because there is no way to
do it in a cross-browser way

   While I could go hack the ocaml code to add anything I feel is missing,
I feel it would be great if opa had a bridge to vanilla js (a way to
trigger events or call functions from opa into vanilla js and vice-versa).


You can check out my simple service that lets you upload images using
ctrl-v (paste). It's hosted here: http://pixpaste.quaxio.com:8080/ but
currently only works in Chrome. The source is on my github account.

Alok

More information about the Opa mailing list