[Bug 30391] New: Bad JS in IntranetUserJS can break the staff client
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30391 Bug ID: 30391 Summary: Bad JS in IntranetUserJS can break the staff client Change sponsored?: --- Product: Koha Version: master Hardware: All OS: All Status: NEW Severity: normal Priority: P5 - low Component: Staff Client Assignee: koha-bugs@lists.koha-community.org Reporter: magnus@libriotech.no QA Contact: testopia@bugs.koha-community.org CC: gmcharlt@gmail.com I just had a support case where some bad JS was entered into IntranetUserJS, causing all JS-functionality in the staff client to be non-functional. This affected all Ajax-functionality, like displaying the table of ILL requests. But worst of all: it made it impossible to edit IntranetUserJS to remove the offending code! The solution was to log into koha-mysql and empty IntranetUserJS. This made JS functional again, and an edited version of the contents of IntranetUserJS could be put back into place. At first I thought this could be fixed by adding a syspref to turn IntranetUserJS off temporarily, but on second thought, I guess that would not work because the syspref editor relies on JS... So not sure there is a simple way to safeguard against this problem, but I thought I'd still throw it out there to see if anyone has a good idea... The bad JS looked something like this: $('<br /><h2>Something</h2>').insertAfter(this); -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30391 Adam Styles <mrfawn@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |mrfawn@gmail.com --- Comment #1 from Adam Styles <mrfawn@gmail.com> --- Hi Magnus, The intranet JS logic is injected into all Staff intranet pages on page load. This means that any JS added to the Intranet JS text area can possibly disrupt existing Koha JS and related core functionality.
From my experience, using Intranet JS to inject some hot fixed for Koha Intranet staff UI can be useful if used sparingly. I generally run regression tests for my JS added source via a local vanilla test version of Koha, to test for any potential functionality friction, before apply to live/PROD.
A possible long term fix for this potentially disruptive experience, could be to add micro regression tests to run on save of Intranet JS data input field. This would offer the very core testing for the possible logic blocks to things like JQUERY, which is used to power many of the koha UI front end behaviors. IMHO. Thoughts? Adam. -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30391 Marie <marie.hedbom@musikverket.se> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |marie.hedbom@musikverket.se -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=30391 Katrin Fischer <katrin.fischer@bsz-bw.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Summary|Bad JS in IntranetUserJS |Bad JavaScript in |can break the staff client |IntranetUserJS can break | |the staff interface -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.
participants (1)
-
bugzilla-daemon@bugs.koha-community.org