|
[
Permalink
| « Hide
]
Anthony Borrow added a comment - 24/Apr/08 09:57 PM
Guy - Thanks for your work at documenting this proposal so clearly as that will greatly assist in evaluating it. I personally am not overly familiar with javascript but my first concern would be for security. As such, I'm assigning this to Petr who can give his input and ask any questions. I found the screencast very clear and helpful. Peace - Anthony
I just have the general impression that you want to make sure that it does not open up cross scripting vulnerabilities or allow someone to execute code that is not on the server. I think I would be more comfortable if there was a check that ensured that any include has to reside in CFG->wwwroot somewhere - in other words the code has to be on the local server. Does that make any sense? Peace - Anthony
Really, the main focus of the modification is to facilitate good practices with javascript and css.
There is no way in moodle to insert css or javascript into the head from a block,module and filter and this is bad news for standards compliance. Cheers, Guy hello,
I agree this should definitely be fixed in 2.0, clearing he security flag so that anybody may participate here I hope somebody will start working on full rewrite of page rendering infrastructure in 2.0 soon, thanks for this valuable input Hi Peter.
Thanks for looking into this mod. Cheers Guy Hu Guy.
Sounds like a good idea to me. Good luck. Allan. I ran into this when I was writing the YUI menu block (I wanted to include a couple YUI files). I ended up just calling require_js right near the beginning of get_content(). Rather ugly.
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Sub-task
Open
Major
 |
|
All content on this web site is made available under the GNU General Public License, unless otherwise stated.
