[Xerte-dev] Re: Upload and security
Pat @ Pgogy
xerte at pgogywebstuff.com
Wed May 22 09:58:51 BST 2013
JavaScript is in the banned list I think
I'd ask what you want the bootstrap to be - a mini website for Non-techies or a sort of techie play space?
On 21 May 2013, at 10:00, Julian Tenney <Julian.Tenney at nottingham.ac.uk> wrote:
> Just reprising a recent conversation about uploading javascript. You guys weren’t keen. I just uploaded a txt file with javascript in it, loaded via a script tag in the bootstrap template and it – of course – executes, but we knew that anyway.
>
> Is it the case that only authorised users – those logged in – can get anything through upload.php? Should authorised users be able to upload javascript?
>
> Second and slightly related question, playing around with the bootstrap template wizard: I got it adding canvas, and thought about other userful building blocks for developers. You could define them in a text icon <canvas width=”500” height=”350”/> and then script them from a script icon, so are we gaining anything at the expense of confusing users who don’t know what scripts and canvases do? I just though ‘well, where does it end? Divs, styles, etc’ and we can do it all with text anyway. But in looking at some of this stuff, it would really be handy to be able to upload scripts, because writing anything more than trivial in the wizard is going to be gribbly.
>
> What do you think?
>
> <image001.png>
> _______________________________________________
> Xerte-dev mailing list
> Xerte-dev at lists.nottingham.ac.uk
> http://lists.nottingham.ac.uk/mailman/listinfo/xerte-dev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nottingham.ac.uk/pipermail/xerte-dev/attachments/20130522/07be4adc/attachment.html>
More information about the Xerte-dev
mailing list