NW | 26-SDC-Mar | Zabihollah Namazi | Sprint 2 | Chat App frontend by ZabihollahNamazi · Pull Request #77 · CodeYourFuture/Module-Decomposition

ZabihollahNamazi · 2026-05-04T14:21:45Z

Self checklist

I have titled my PR with Region | Cohort | FirstName LastName | Sprint | Assignment Title
My changes meet the requirements of the task
I have tested my changes
My changes follow the style guide

could you please check my pr ? thank you very much

ZabihollahNamazi · 2026-05-04T14:53:21Z

frontend link:
https://zabihollah-namazi-chat-app-frontend.hosting.codeyourfuture.io
backend link:
https://zabihollah-namazi-chat-app-backend.hosting.codeyourfuture.io

cjyuan

Code works on normal circumstances. My comments are mainly surrounding handling of
errors and unusual user input.

Can you also include these items in the PR description?

A description of the additional features you have implemented
A link to the deployed frontend on the CYF hosting environment
A link to the deployed backend on the CYF hosting environment

cjyuan · 2026-05-24T08:12:20Z

+document.addEventListener("DOMContentLoaded", () => {
+  const messagesList = document.getElementById("messages-list");
+  const form = document.getElementById("message-form");
+  const input = document.getElementById("message-input");


How can you make this named constant more meaningful?

cjyuan · 2026-05-24T08:13:04Z

+    const res = await fetch(BACKEND_URL);
+    const messages = await res.json();


What if any of the operations fails?

cjyuan · 2026-05-24T08:13:34Z

+      li.innerHTML = `
+        <div><strong>${msg.username}</strong></div>
+        <div>${msg.text}</div>
+        <small>${msg.timeStamp}</small>
+      `;


Currently HTML injection is possible. Can you update the code or propose a solution to prevent it from happening?

cjyuan · 2026-05-24T08:16:52Z

+    await fetch(BACKEND_URL, {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({
+        username: usernameInput.value,
+        text: input.value,
+      }),
+    });


No input sanitization and validation ?

What if the operation fails or return a "username and text required" error response?

cjyuan · 2026-05-24T09:05:19Z

+  const { username, text } = req.body;
+
+  if (!username || !text) {
+    return res.status(400).json({ error: "username and text required" });
+  }


It's good practice to validate all request inputs.

A more robust implementation should also account for potential failures on line 19 and include appropriate error handling.

In this exercise, let's assume the request is always coming from the code in script.js. So no change needed.

cjyuan · 2026-05-24T09:08:31Z

+  messages.push({
+    username,
+    text,
+    timeStamp: new Date().toLocaleTimeString(),


Can you suggest a strategy to ensure that users in different time zones see timestamps in their respective local time zones?

ZabihollahNamazi added 10 commits May 4, 2026 12:50

files and backend

98b8ab0

.gitignore

989ab68

server.js and htnl

6fe5ce1

update

f1ad126

backend link

4399ba9

every one second and leave username after every message

61866c1

loadmessage fun in the end

3d2a6fd

update html

6c1f47a

updates and css

9b7ea35

update cors and port

504fc8d