mORMot Open Source

Hello Arnaud,
I've written the following procedure to create external hyperlinks.
Even though I'm not a PDF expert, it looks like it is working even for complex links. Any feedback is welcome.
Hopefully this can be included as-is in SynPDF source code:

function TPDFDocument.CreateExternalLink(const ARect: TPdfRect; const anUrl: RawUTF8;
  BorderStyle: TPdfAnnotationBorder; BorderWidth: integer): TPdfDictionary;
var
  anAction: TPdfDictionary;
begin
  result := CreateAnnotation(asLink, ARect, BorderStyle, BorderWidth);
  anAction := TPdfDictionary.Create(FXRef);
  anAction.AddItem('Type', 'Action');
  anAction.AddItem('S', 'URI');
  anAction.AddItemTextUTF8('URI', anUrl);
  Result.AddItem('A', anAction);
end;

From a quick overview of your screenshot, it looks like the Y is simply inverted for the link.
Perhaps the CreateLink's reference point is the bottom left of the document while the rectangle's reference is the top left ? Not sure why.

IMHO any kind of clients (REST included) must be put on a leash as there are plenty of bad things they could do which they shouldn't be allowed to. From the top of my head, I can think about:
- Access resources (rows/fields) without proper permission
- Delete/Update resources without proper permission
- Send invalid data which could result in either data corruption or server crash
- Send malformed (string instead of int, data is too long...) or missing data (required field) which could lead to future problems (data analysis, report generation...)

Where it should be done is another question which should be carefully thought out:
- Invalid access permissions should be checked (at the very least) before returning data to the client. If not before accessing data in the persistence storage
- Invalid modification access should be checked before modifying the persistence storage
- Invalid formated data or missing data should be checked before modifying the persistence storage
- Invalid data resulting in server crash should be handled as soon as it is received (e.g data flood, invalid characters, invalid requests...)
- Invalid data resulting in data corruption should be handled before writing to persistence storage

Regarding table access security, this is great but not enough for most systems: row-level and even field-level security and validation should be handled from the server.
I admit I do not know mORMot enough to say that it is not possible to do so or that it should handle everything.
But as far as I can tell mORMot includes both the data persistence access and REST server with direct interactions between them so it should provide a way to interfere and add safe guards between both.

I hope you'll see those remarks as constructive, not critics

Auto-synch between servers and clients would be amazing!
This would be a potential alternative to the very popular and great Firebase recently purchased by Google: https://www.firebase.com/
Happy new year Arnaud and best wishes for you and your rodents

OK Thanks. Perhaps in a future update.

That's exactly what I wanted. Thank you very much mpv!
Should I take care of freeing the TSMObjects (e.g. blogObj.free) when the engine is freed or are they owned by the engine ?

OK then, I will do that
Thanks!

I've tried multiple compilation options without any success. I've also tried disabling IDEFixPack without success.
The new code doesn't change anything either. And indeed, it looks like a wrong value is passer to the method.

So this is what I tried and it fixed the problem is:
- Make JSContext.SetOptions public
- In TSMEngine.Create call it instead of assigning to the property

Not sure how this can be explained.

I can confirm the exception for JS_SetOptions on Delphi XE 3