[Koha-bugs] [Bug 30391] New: Bad JS in IntranetUserJS can break the staff client
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Tue Mar 29 08:22:01 CEST 2022
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30391
Bug ID: 30391
Summary: Bad JS in IntranetUserJS can break the staff client
Change sponsored?: ---
Product: Koha
Version: master
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: P5 - low
Component: Staff Client
Assignee: koha-bugs at lists.koha-community.org
Reporter: magnus at libriotech.no
QA Contact: testopia at bugs.koha-community.org
CC: gmcharlt at gmail.com
I just had a support case where some bad JS was entered into IntranetUserJS,
causing all JS-functionality in the staff client to be non-functional. This
affected all Ajax-functionality, like displaying the table of ILL requests. But
worst of all: it made it impossible to edit IntranetUserJS to remove the
offending code!
The solution was to log into koha-mysql and empty IntranetUserJS. This made JS
functional again, and an edited version of the contents of IntranetUserJS could
be put back into place.
At first I thought this could be fixed by adding a syspref to turn
IntranetUserJS off temporarily, but on second thought, I guess that would not
work because the syspref editor relies on JS... So not sure there is a simple
way to safeguard against this problem, but I thought I'd still throw it out
there to see if anyone has a good idea...
The bad JS looked something like this:
$('<br /><h2>Something</h2>').insertAfter(this);
--
You are receiving this mail because:
You are watching all bug changes.
You are the assignee for the bug.
More information about the Koha-bugs
mailing list