Not planned JavaScript Modification

[AndyB]

Often we need to modify the core Javascript files to achieve the functionality we want. Of course at upgrade time this requires redoing the modifications manually.

It would be great to see a Javascript Modification function similar to Template Modification. That way we could create add-ons for the core Javascript changes.

 

[Jeremy]

In its current form, this is impossible due to the fact that JavaScript are files and not templates.

 

[Rigel Kentaurus]

Could you give an example of when you needed to modify javascript files?

I have hardly had to do that, I write my own javascript files and that is enough. Only exception might be the redactor icons, and I am sure that can be worked around

 

[AndyB]

Could you give an example of when you needed to modify javascript files?

I modify three of the core Javascript files for the following reasons:

1) Remove some Redactor icons
2) Remove some HTML tags when text is pasted into the editor
3) Remove overlay trigger when username is clicked

 

[AndyB]

In its current form, this is impossible due to the fact that JavaScript are files and not templates.

Would it be possible to modify the.js files directly?

 

[Jeremy]

Allowing any form to write to files that arbitrarily get run by your server or a client computer is a very, very bad idea for security reasons.

 

[AndyB]

Allowing any form to write to files that arbitrarily get run by your server or a client computer is a very, very bad idea for security reasons.

We can already include Javascript into templates using the Template Modification system, not sure how that is any less of a security risk?

 

[Jeremy]

Including via templates and directly writing to your server are two completely different notions of security. Allowing scripts to write to your server and modify files is completely different then placing an include into a template.

 

[AndyB]

When a template includes the <script>JavaScript code</script> could it include any JavaScript code just like the .js file?

 

[Jeremy]

Yes.

 

[AndyB]

Allowing scripts to write to your server and modify files is completely different then placing an include into a template.

What if there was a list of .js files it was able to modify.

 

[Jeremy]

I'll just quote myself:

Allowing any form to write to files that arbitrarily get run by your server or a client computer is a very, very bad idea for security reasons.

Regardless of a 'safe' list of files or not, its still a security risk to allow arbitrary scripts to write to scripts that get arbitrarily run.

 

[Mike]

This simply won't happen for reasons that have been given.

Regardless you can likely "monkey patch" (http://www.reigndropsfall.net/2010/06/15/monkey-patching/) the JS classes to inject or override the behaviors you want (similar to OO inheritance in PHP).

 

[AndyB]

I appreciate the explanations, a big security risk in Xenforo is certainly not what we want.