1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Not Planned JavaScript Modification

Discussion in 'Closed Suggestions' started by AndyB, Sep 25, 2013.

  1. AndyB

    AndyB Well-Known Member

    Often we need to modify the core Javascript files to achieve the functionality we want. Of course at upgrade time this requires redoing the modifications manually.

    It would be great to see a Javascript Modification function similar to Template Modification. That way we could create add-ons for the core Javascript changes.
     
  2. Jeremy

    Jeremy XenForo Moderator Staff Member

    In its current form, this is impossible due to the fact that JavaScript are files and not templates.
     
  3. Rigel Kentaurus

    Rigel Kentaurus Well-Known Member

    Could you give an example of when you needed to modify javascript files?

    I have hardly had to do that, I write my own javascript files and that is enough. Only exception might be the redactor icons, and I am sure that can be worked around :)
     
    Jeremy P likes this.
  4. AndyB

    AndyB Well-Known Member

    I modify three of the core Javascript files for the following reasons:

    1) Remove some Redactor icons
    2) Remove some HTML tags when text is pasted into the editor
    3) Remove overlay trigger when username is clicked
     
  5. AndyB

    AndyB Well-Known Member

    Would it be possible to modify the.js files directly?
     
  6. Jeremy

    Jeremy XenForo Moderator Staff Member

    Allowing any form to write to files that arbitrarily get run by your server or a client computer is a very, very bad idea for security reasons.
     
    jmurrayhead likes this.
  7. AndyB

    AndyB Well-Known Member

    We can already include Javascript into templates using the Template Modification system, not sure how that is any less of a security risk?
     
  8. Jeremy

    Jeremy XenForo Moderator Staff Member

    Including via templates and directly writing to your server are two completely different notions of security. Allowing scripts to write to your server and modify files is completely different then placing an include into a template.
     
    jmurrayhead likes this.
  9. AndyB

    AndyB Well-Known Member

    When a template includes the <script>JavaScript code</script> could it include any JavaScript code just like the .js file?
     
  10. Jeremy

    Jeremy XenForo Moderator Staff Member

  11. AndyB

    AndyB Well-Known Member

    What if there was a list of .js files it was able to modify.
     
  12. Jeremy

    Jeremy XenForo Moderator Staff Member

    I'll just quote myself:
    Regardless of a 'safe' list of files or not, its still a security risk to allow arbitrary scripts to write to scripts that get arbitrarily run.
     
    jmurrayhead and Amaury like this.
  13. Mike

    Mike XenForo Developer Staff Member

    Last edited: Sep 26, 2013
    Jeremy likes this.
  14. AndyB

    AndyB Well-Known Member

    I appreciate the explanations, a big security risk in Xenforo is certainly not what we want.
     

Share This Page