[#MDL-14542] Modification to improve javascript and css header insertion for blocks, modules and filters - Moodle Tracker

Details

Type: Sub-task
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 2.0
Fix Version/s: 2.0
Component/s: Blocks, Filters
Labels:
None

URL:
http://ossett.schools.wakefield.gov.uk/web/media/video/moodle_mod_screencast_hq
Affected Branches:
MOODLE_20_STABLE
Fixed Branches:
MOODLE_20_STABLE

Description

Currently Moodle does not provide blocks, filters or modules with an effective way of inserting javascript or css into the html header.

It is possible to insert javascript by adding javascript.php to the root folder of a block,filter or module. However, the file is included as raw text - it is not parsed PHP.

I have developed a modification to moodle which enables blocks, filters and modules to insert javascript / css into the html header whilst taking account of user permissions, browser version and edit mode. This has the following advantages:

1) Standards compliance - all linked css and scripts should be in the head of the document, not the body

2) Because css and javascript are included in the head according to user permissions, there is no wasted bandwidth for users who should not 'see' such css or javascript (way better than the current lib/javascript-mod.php which simply includes everything)

3) Security - users should not be aware of javascript that is not relevant to them based on their permissions. This is not a major security risk but every little helps!

Please visit the following screen cast for more info (I recommend the high quality link)

High quality link:

http://ossett.schools.wakefield.gov.uk/web/media/video/moodle_mod_screencast_hq

Low quality link:

http://ossett.schools.wakefield.gov.uk/web/media/video/moodle_mod_screencast

More Options
- Sort By Name
- Sort By Date
- Ascending
- Descending
- Download All

Attachments

$i18n.getText("admin.common.words.hide")
js_css_head_insert_proposal.zip

24/Apr/08 8:09 PM

136 kB

guy thomas
js_css_head_insert_proposal/.../block_head_ins_example.php 0.7 kB

js_css_head_insert_proposal/.../main.css 0.1 kB

js_css_head_insert_proposal/.../teacher_editing.css 0.2 kB

js_css_head_insert_proposal/.../access.php 1 kB

js_css_head_insert_proposal/.../block_head_ins_example.php 0.1 kB

js_css_head_insert_proposal/.../header_css.php 1 kB

js_css_head_insert_proposal/.../header_js.php 2 kB

js_css_head_insert_proposal/.../blockcapibility.js 0.1 kB

js_css_head_insert_proposal/.../firefox.js 0.1 kB

js_css_head_insert_proposal/.../main.js 0.1 kB

js_css_head_insert_proposal/.../teacher.js 0.1 kB

js_css_head_insert_proposal/.../teacher_editing.js 0.1 kB

js_css_head_insert_proposal/.../README.txt 0.1 kB

js_css_head_insert_proposal/.../block_head_ins_example.php 0.1 kB

js_css_head_insert_proposal/.../htmlheadlib.php 20 kB

js_css_head_insert_proposal/.../javascript.php 5 kB

js_css_head_insert_proposal/REAME.txt 0.2 kB

js_css_head_insert_proposal/.../js_css_head_insert_proposal.pdf 127 kB

Download Zip
$i18n.getText("admin.common.words.show")

js_css_head_insert_proposal.zip

24/Apr/08 8:09 PM

136 kB

guy thomas

Activity

Ascending order - Click to sort in descending order

Hide

Permalink

Anthony Borrow added a comment - 24/Apr/08 9:57 PM

Guy - Thanks for your work at documenting this proposal so clearly as that will greatly assist in evaluating it. I personally am not overly familiar with javascript but my first concern would be for security. As such, I'm assigning this to Petr who can give his input and ask any questions. I found the screencast very clear and helpful. Peace - Anthony

Show

Anthony Borrow added a comment - 24/Apr/08 9:57 PM Guy - Thanks for your work at documenting this proposal so clearly as that will greatly assist in evaluating it. I personally am not overly familiar with javascript but my first concern would be for security. As such, I'm assigning this to Petr who can give his input and ask any questions. I found the screencast very clear and helpful. Peace - Anthony

Hide

Permalink

Anthony Borrow added a comment - 24/Apr/08 10:50 PM

I just have the general impression that you want to make sure that it does not open up cross scripting vulnerabilities or allow someone to execute code that is not on the server. I think I would be more comfortable if there was a check that ensured that any include has to reside in CFG->wwwroot somewhere - in other words the code has to be on the local server. Does that make any sense? Peace - Anthony

Show

Anthony Borrow added a comment - 24/Apr/08 10:50 PM I just have the general impression that you want to make sure that it does not open up cross scripting vulnerabilities or allow someone to execute code that is not on the server. I think I would be more comfortable if there was a check that ensured that any include has to reside in CFG->wwwroot somewhere - in other words the code has to be on the local server. Does that make any sense? Peace - Anthony

Hide

Permalink

guy thomas added a comment - 25/Apr/08 2:18 AM - edited

Really, the main focus of the modification is to facilitate good practices with javascript and css.
There is no way in moodle to insert css or javascript into the head from a block,module and filter and this is bad news for standards compliance. Cheers, Guy

Show

guy thomas added a comment - 25/Apr/08 2:18 AM - edited Really, the main focus of the modification is to facilitate good practices with javascript and css. There is no way in moodle to insert css or javascript into the head from a block,module and filter and this is bad news for standards compliance. Cheers, Guy

Hide

Permalink

Petr Škoda (skodak) added a comment - 25/Apr/08 9:02 PM

hello,
I agree this should definitely be fixed in 2.0, clearing he security flag so that anybody may participate here

I hope somebody will start working on full rewrite of page rendering infrastructure in 2.0 soon, thanks for this valuable input

Show

Petr Škoda (skodak) added a comment - 25/Apr/08 9:02 PM hello, I agree this should definitely be fixed in 2.0, clearing he security flag so that anybody may participate here I hope somebody will start working on full rewrite of page rendering infrastructure in 2.0 soon, thanks for this valuable input

Hide

Permalink

guy thomas added a comment - 30/Apr/08 12:16 AM

Hi Peter.

Thanks for looking into this mod.
I would love to be involved with the rewrite of the page rendering infrastructure in 2.0 - even if its in a small way.

Cheers

Guy

Show

guy thomas added a comment - 30/Apr/08 12:16 AM Hi Peter. Thanks for looking into this mod. I would love to be involved with the rewrite of the page rendering infrastructure in 2.0 - even if its in a small way. Cheers Guy

Hide

Permalink

allan morris added a comment - 29/Aug/08 2:07 AM

Hu Guy.

Sounds like a good idea to me.
Hope this is included in the 2.0 code.

Good luck.

Allan.

Show

allan morris added a comment - 29/Aug/08 2:07 AM Hu Guy. Sounds like a good idea to me. Hope this is included in the 2.0 code. Good luck. Allan.

Hide

Permalink

Alan Trick added a comment - 22/May/09 7:03 AM

I ran into this when I was writing the YUI menu block (I wanted to include a couple YUI files). I ended up just calling require_js right near the beginning of get_content(). Rather ugly.

Show

Alan Trick added a comment - 22/May/09 7:03 AM I ran into this when I was writing the YUI menu block (I wanted to include a couple YUI files). I ended up just calling require_js right near the beginning of get_content(). Rather ugly.

Hide

Permalink

Tim Hunt added a comment - 20/Jul/09 11:15 AM

Actually, in Moodle 2.0, for blocks, you can use the block specialize method to initialise things you need initialised before $OUTPUT->header.

Show

Tim Hunt added a comment - 20/Jul/09 11:15 AM Actually, in Moodle 2.0, for blocks, you can use the block specialize method to initialise things you need initialised before $OUTPUT->header.

Hide

Permalink

Tim Hunt added a comment - 01/May/10 3:21 PM

Petr, I think you have dealt with this with your theme changes, so closing.

Show

Tim Hunt added a comment - 01/May/10 3:21 PM Petr, I think you have dealt with this with your theme changes, so closing.

People

Assignee:

Tim Hunt

Reporter:

guy thomas

Tester:

Petr Škoda (skodak)

Participants:

Alan Trick, allan morris, Anthony Borrow, guy thomas, Petr Škoda (skodak), Tim Hunt

Vote (8)

Watch (2)

Dates

Created:

24/Apr/08 8:09 PM

Updated:

17/Dec/10 1:02 PM

Resolved:

01/May/10 3:21 PM