http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=5371
Mason James <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- Version|rel_3_2 |master --- Comment #8 from Mason James <[email protected]> 2011-09-22 08:26:03 UTC --- (In reply to comment #2) > patch applied to tag 'v3.02.00' > > this patch has only been tested in firefox so far, and requires a firefox > config-change. > > edit firefox's 'user.js' file and add this line to it > user_pref("dom.allow_scripts_to_close_windows", true); > > FYI: according to the web-security forums, this is the best/only way to get > around this problem an update on this bug... ive come to a situation that i cant find a solution for the patch works *perfectly* for browsers with the 'user_pref("dom.allow_scripts_to_close_windows")' pref set to 'TRUE' so, the good news is library-staff can force this setting on their OPAC's browser, and this patch will work great! the bad news is ... this patch works horribly for browsers with the pref set to 'FALSE' (which is default) and *fails* logging out a person :/ the obvious solution here is to test whether a browser has the 'dom.allow_scripts_to_close_windows' value set to TRUE then execute this js code, or not... sounds easy?, nope... i cant work out a technique to get the 'dom.allow_scripts_to_close_windows' value from a browser (my hunch is that it's probably deliberately impossible to determine that info) so, the original security/privacy issue still remains in MASTER - but this patch is broken -- Configure bugmail: http://bugs.koha-community.org/bugzilla3/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the QA Contact for the bug. _______________________________________________ Koha-bugs mailing list [email protected] http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
