https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36152 --- Comment #8 from David Cook <dcook@prosentient.com.au> --- (In reply to Lucas Gass from comment #7)
It would be more convenient but it would create an even wider security problem.
I definitely agree, David. We should be putting JS in less places, not more. Security needs to take precedence. It is only mildly inconvenient to have to add JS to the UserJS sys prefs.
I am inclined to mark this as RESOLVED - WONT FIX.
Agreed. @Andrew can you speak more to your original intention? I agree that *UserJS can get very long and be difficult to maintain, so I can understand wanting to break it up into more specific chunks. Personally, I'd love to eliminate the *UserJS preferences, but I don't think anyone will ever agree with me on that one, so I think we should protect them with a higher level of permission, which would involve a new UI. One thought I have is a UI that lets you create blocks of JS and assign them to a name, and then perhaps use something like [% Asset.UserJS('this_js_name') %] in the HTML for that page could inject the JS into the page. Another thought it just a UI that lets you create separate blocks of JS that get merged into the same <script></script> element, but helps you manage them separately. (At this point, technically speaking, you could create page-specific Javascript, upload it via the "Uploads" tool and just include it on the pages you want. But in the future, we will be preventing <script> tags in many of the HTML areas, so perhaps not wise to use this workaround.) -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.