https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36152
--- Comment #8 from David Cook <dc...@prosentient.com.au> ---
(In reply to Lucas Gass from comment #7)
> > It would be more convenient but it would create an even wider security
> > problem.
>
> I definitely agree, David. We should be putting JS in less places, not more.
> Security needs to take precedence. It is only mildly inconvenient to have to
> add JS to the UserJS sys prefs.
>
> I am inclined to mark this as RESOLVED - WONT FIX.
Agreed.
@Andrew can you speak more to your original intention? I agree that *UserJS can
get very long and be difficult to maintain, so I can understand wanting to
break it up into more specific chunks.
Personally, I'd love to eliminate the *UserJS preferences, but I don't think
anyone will ever agree with me on that one, so I think we should protect them
with a higher level of permission, which would involve a new UI.
One thought I have is a UI that lets you create blocks of JS and assign them to
a name, and then perhaps use something like [% Asset.UserJS('this_js_name') %]
in the HTML for that page could inject the JS into the page.
Another thought it just a UI that lets you create separate blocks of JS that
get merged into the same <script></script> element, but helps you manage them
separately.
(At this point, technically speaking, you could create page-specific
Javascript, upload it via the "Uploads" tool and just include it on the pages
you want. But in the future, we will be preventing <script> tags in many of the
HTML areas, so perhaps not wise to use this workaround.)
--
You are receiving this mail because:
You are the assignee for the bug.
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
