Hi Willy, -- I prefer encrypted and signed messages. Fingerprint: 110A F423 3647 54E2 880F ADAD 1C52 85BF B20A 22F9
No trees were harmed in the sending of this message, however, a number of electrons were inconvenienced. > On 1 Jan 2017, at 09:22, Willy Tarreau <w...@1wt.eu> wrote: > > Hi David, > > On Fri, Dec 30, 2016 at 11:28:12AM +0000, David Harrigan wrote: >> Hi, >> >> Has there been any discussion in or around adding a "Select All" checkbox >> to the Stats dashboard to help administrators action a bunch of servers >> quickly (e.g., to mark all the nodes in a backend as being in maintenance). > > I seem to remember we had some discussion about this many years ago when > these checkboxes were implemented. I suspect that one limit we identified > was that large farms could cause huge requests to be sent, which will > possibly be rejected. But that's not that big of an issue after all. > > I recently had the same need in fact and found it too bad not to have it. > >> I've had a look at stats.c and it does look like it could be relatively >> straightforward to add (I've wrote the patch already). The only downside >> would be the inclusion of a small bit of inline Javascript that would tick >> all the individual checkboxes when the "Select All" checkbox is selected. >> In total, there are no new lines of code, just a few modifications to 2 >> lines of existing code in stats.c. >> >> I notice that presently, the stats page does not contain any Javascript and >> that is a good thing! However, perhaps a small exception can be made for >> this specific purpose? > > I don't think it's an issue here as long as it's not mandatory. In the worst > case if JS is disabled/not available, you continue to manually check all the > boxes like today. However you need to be careful about the code you add so > that it is only static and is not generated with information extracted from > the page (eg: server names) otherwise it could be possible for hosted > customers to indirectly inject some JS code into their hosting provider's > browser by playing with their server names for example, which is not > desirable :-) > Happy New Year and thank you for your feedback. I think my patch may be safe, it's a one liner of JS. However, I do have to reference the server names somewhere, and I do that by obtaining the contents of the px-id (and ST_F_PXNAME) variables. What do you think? The patch may be dangerous? (I'm not that clued up on JS injection tbh). I would be happy to use a different way if you can suggest something? Luckily, if JS is disabled on the browser, the "select all" checkbox won't do anything :-) -=david=- > Cheers, > Willy