Not planned JavaScript Modification

AndyB

Well-known member
Often we need to modify the core JavaScript files to achieve the functionality we want. Of course at upgrade time this requires redoing the modifications manually.

It would be great to see a JavaScript Modification function similar to Template Modification. That way we could create add-ons for the core JavaScript changes.
 

Jeremy

Well-known member
In its current form, this is impossible due to the fact that JavaScript are files and not templates.
 

Rigel Kentaurus

Well-known member
Could you give an example of when you needed to modify JavaScript files?

I have hardly had to do that; I write my own JavaScript files and that is enough. The only exception might be the Redactor icons, and I am sure that can be worked around :)
 

AndyB

Well-known member
"Could you give an example of when you needed to modify javascript files?"
I modify three of the core JavaScript files for the following reasons:

1) Remove some Redactor icons
2) Remove some HTML tags when text is pasted into the editor
3) Remove overlay trigger when username is clicked
 

Jeremy

Well-known member
Allowing any form to write to files that arbitrarily get run by your server or a client computer is a very, very bad idea for security reasons.
 

AndyB

Well-known member
"Allowing any form to write to files that arbitrarily get run by your server or a client computer is a very, very bad idea for security reasons."
We can already include JavaScript into templates using the Template Modification system; not sure how that is any less of a security risk?
 

Jeremy

Well-known member
Including via templates and directly writing to your server are two completely different notions of security. Allowing scripts to write to your server and modify files is completely different than placing an include into a template.
 

AndyB

Well-known member
When a template includes the <script>JavaScript code</script>, could it include any JavaScript code just like the .js file?
 

Jeremy

Well-known member
I'll just quote myself:
"Allowing any form to write to files that arbitrarily get run by your server or a client computer is a very, very bad idea for security reasons."
Regardless of a 'safe' list of files or not, it's still a security risk to allow arbitrary scripts to write to scripts that get arbitrarily run.
 

AndyB

Well-known member
I appreciate the explanations; a big security risk in XenForo is certainly not what we want.
 