[Xerte-dev] Re: Upload JS

Smith, John J.J.Smith at gcu.ac.uk
Fri May 10 13:40:33 BST 2013


It is…

It could be combined with an option to restrict to only certain users I suppose…

Regards,

John Smith
Learning Technologist
School of Health & Life Sciences
Glasgow Caledonian University

From: xerte-dev-bounces at lists.nottingham.ac.uk [mailto:xerte-dev-bounces at lists.nottingham.ac.uk] On Behalf Of xerte at pgogywebstuff.com
Sent: Friday, May 10, 2013 1:29 PM
To: For Xerte technical developers
Subject: [Xerte-dev] Re: Upload JS

The option makes sense, but I think it's a big risk

Pgogy Webstuff http://www.pgogywebstuff.com
Makers of Web things of a fair to middling quality


----- Original Message -----
From:
"For Xerte technical developers" <xerte-dev at lists.nottingham.ac.uk<mailto:xerte-dev at lists.nottingham.ac.uk>>

To:
"For Xerte technical developers" <xerte-dev at lists.nottingham.ac.uk<mailto:xerte-dev at lists.nottingham.ac.uk>>
Cc:

Sent:
Fri, 10 May 2013 09:57:15 +0100
Subject:
[Xerte-dev] Re: Upload JS

We could just add as an optional setting in management to allow JS or anything else that would be insecure, off by default and allow the end user to choose… on a very closed system I agree it would be good.


Regards,


John Smith
Learning Technologist
School of Health & Life Sciences
Glasgow Caledonian University


From: xerte-dev-bounces at lists.nottingham.ac.uk<mailto:xerte-dev-bounces at lists.nottingham.ac.uk> [mailto:xerte-dev-bounces at lists.nottingham.ac.uk] On Behalf Of Julian Tenney
Sent: Friday, May 10, 2013 9:49 AM
To: For Xerte technical developers
Subject: [Xerte-dev] Re: Upload JS


Fair enough then.


Shame.


From: xerte-dev-bounces at lists.nottingham.ac.uk<mailto:xerte-dev-bounces at lists.nottingham.ac.uk> [mailto:xerte-dev-bounces at lists.nottingham.ac.uk] On Behalf Of Pat @ Pgogy
Sent: 10 May 2013 09:00
To: For Xerte technical developers
Subject: [Xerte-dev] Re: Upload JS


Yes

On 10 May 2013, at 07:59, Julian Tenney <Julian.Tenney at nottinghamac.uk<mailto:Julian.Tenney at nottingham.ac.uk>> wrote:
Thinking aloud here, you can write javascript in the bootstrap template – so it would probably be handy if you could upload a .js file, because anything more than trivial is going to be a right pita to write in the wizard. .js is currently blacklisted. Given all the other security updates recently, do you think we are opening up a major hole if we allowed .js? Either by uploading a script file, or by pointing to a url somewhere?



_______________________________________________
Xerte-dev mailing list
Xerte-dev at lists.nottingham.ac.uk<mailto:Xerte-dev at lists.nottingham.ac.uk>
http://lists.nottingham.ac.uk/mailman/listinfo/xerte-dev

Glasgow Caledonian University is a registered Scottish charity, number SC021474

Winner: Times Higher Education’s Widening Participation Initiative of the Year 2009 and Herald Society’s Education Initiative of the Year 2009.
http://www.gcu.ac.uk/newsevents/news/bycategory/theuniversity/1/name,6219,en.html

Winner: Times Higher Education’s Outstanding Support for Early Career Researchers of the Year 2010, GCU as a lead with Universities Scotland partners.
http://www.gcu.ac.uk/newsevents/news/bycategory/theuniversity/1/name,15691,en.html



Glasgow Caledonian University is a registered Scottish charity, number SC021474

Winner: Times Higher Education’s Widening Participation Initiative of the Year 2009 and Herald Society’s Education Initiative of the Year 2009.
http://www.gcu.ac.uk/newsevents/news/bycategory/theuniversity/1/name,6219,en.html

Winner: Times Higher Education’s Outstanding Support for Early Career Researchers of the Year 2010, GCU as a lead with Universities Scotland partners.
http://www.gcu.ac.uk/newsevents/news/bycategory/theuniversity/1/name,15691,en.html
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nottingham.ac.uk/pipermail/xerte-dev/attachments/20130510/685b11c7/attachment-0001.html>


More information about the Xerte-dev mailing list