[Xerte-dev] Re: Upload and security

Julian Tenney Julian.Tenney at nottingham.ac.uk
Wed May 22 10:59:50 BST 2013


> I'd ask what you want the bootstrap to be - a mini website for Non-techies or a sort of techie play space?

Both. I did few things over the last few days: I added some new nodes that are defined as advanced. You only see them if you click the show advanced checkbox – see below, you can toggle the script, canvas and html nodes on or off, they appear below the divider. So non-techs never need to see them.

Rather than try and support a load of different html tags (I did canvas and thought, hang on, where does this end?), I added a specific tag for html, to distinguish it from text elements (second show below), mainly because bootstrap has all those components that you need to define using html, and they are useful if you know what to do with them – and you also need to write javascript to use them or respond to user input).

I also added the ability to define styles on the project (root) icon, via an optional property, and as well, you can upload a stylesheet if you’d rather. You already know I added the ability to load third party libraries, and there is a script tag for writing javascript (third show below).

You can see this piece at http://www.nottingham.ac.uk/toolkits/play_8222). So all in all, it’s very powerful.

[cid:image001.png at 01CE56DB.1C445570]

[cid:image002.png at 01CE56DB.1C445570]

[cid:image003.png at 01CE56DB.7B60EFA0]

From: xerte-dev-bounces at lists.nottingham.ac.uk [mailto:xerte-dev-bounces at lists.nottingham.ac.uk] On Behalf Of Pat @ Pgogy
Sent: 22 May 2013 09:59
To: For Xerte technical developers
Subject: [Xerte-dev] Re: Upload and security

JavaScript is in the banned list I think

I'd ask what you want the bootstrap to be - a mini website for Non-techies or a sort of techie play space?



On 21 May 2013, at 10:00, Julian Tenney <Julian.Tenney at nottingham.ac.uk<mailto:Julian.Tenney at nottingham.ac.uk>> wrote:
Just reprising a recent conversation about uploading javascript. You guys weren’t keen. I just uploaded a txt file with javascript in it, loaded via a script tag in the bootstrap template and it – of course – executes, but we knew that anyway.

Is it the case that only authorised users – those logged in – can get anything through upload.php? Should authorised users be able to upload javascript?

Second and slightly related question, playing around with the bootstrap template wizard: I got it adding canvas, and thought about other userful building blocks for developers. You could define them in a text icon <canvas width=”500” height=”350”/> and then script them from a script icon, so are we gaining anything at the expense of confusing users who don’t know what scripts and canvases do? I just though ‘well, where does it end? Divs, styles, etc’ and we can do it all with text anyway. But in looking at some of this stuff, it would really be handy to be able to upload scripts, because writing anything more than trivial in the wizard is going to be gribbly.

What do you think?

<image001.png>
_______________________________________________
Xerte-dev mailing list
Xerte-dev at lists.nottingham.ac.uk<mailto:Xerte-dev at lists.nottingham.ac.uk>
http://lists.nottingham.ac.uk/mailman/listinfo/xerte-dev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nottingham.ac.uk/pipermail/xerte-dev/attachments/20130522/f6afc852/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 129173 bytes
Desc: image001.png
URL: <http://lists.nottingham.ac.uk/pipermail/xerte-dev/attachments/20130522/f6afc852/attachment-0003.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.png
Type: image/png
Size: 141097 bytes
Desc: image002.png
URL: <http://lists.nottingham.ac.uk/pipermail/xerte-dev/attachments/20130522/f6afc852/attachment-0004.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image003.png
Type: image/png
Size: 132113 bytes
Desc: image003.png
URL: <http://lists.nottingham.ac.uk/pipermail/xerte-dev/attachments/20130522/f6afc852/attachment-0005.png>


More information about the Xerte-dev mailing list