-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Lo Mathieu,
On Friday 24 Sep 2004 10:41, Mathieu Roy wrote: > Elfyn McBratney <[EMAIL PROTECTED]> tapota : > > [...] > > I know some of us like to use lynx (Just me? ;-) and other text-only (w/o > > js) browsers, so it would not be a good idea to enable by default, I > > guess, but what about clients we know have (at least basic) js i.e., Moz, > > Konq/Safari, MSIE? Or, a new user preference to enable/disable js > > globally (but wouldn't be used (at all?) in the home|main, login, logout, > > change password/fetch password hash and change user prefs pages, so the > > user can fix if needed) ? > > > > Some examples I can quickly think of: selection of all artifacts and > > moving them to another tracker, select all in lists (most admin areas - > > could also enable some 'command' like buttons), confirmation of deletion > > of 'stuff', general user alerts, etc.. > > > > This could of course add more places where XSS 'sploits could be > > inserted, but shouldn't be hard enough to cast/strip completely. > > (Though, IMO, if you follow a link without looking at it with an > > un-trustworthy eye, you're asking for trouble ;-) > > > > Does this sound interesting? :-) Hmm.. Maybe we could have a > > RFC/SEP(Savane Enhancement Proposal ;-) directory in CVS/items on the > > trackers @ gna.org like the post-it's, for this kind of stuff, too? > > Hum, if I say that one my first achievement was to remove any > javascript from Savane. It was more than necessary in the past, since > browsers was not provide a way to avoid pop-up with javascript > activated. heh, good to know ;-) > By from my small experience, javascript is one thing more > unpredictable, browser specific. Indeed, but for some stuff, could be nice (i.e., I'd use it :-) > For the "select all" for list, it could be interesting, but I think > js, if we restart using it, should only add trivial improvement (it > should not be mandatory to perform any action) that can be achieved in > xhtml. Yup, that's exactly what I wanted to convey. Always (or hopefully, anyways) an alternative/default way without requiring much (pref. any) browser specific stuff - the way it is now - and where used, sticking only to stuff that most browsers now a days should support (Hmm.. is js a w3c spec? ...not that MSIE follows any specs ;-). If it's not good for mainline, but could be in the future, could I create an arch repo where others could see/test it? I could then show some examples of it working, but being completely off by default, etc.. without busting the frontend ;-) Elfyn - -- Elfyn McBratney beu on irc.freenode.net/savannah.[non]gnu.org PGP Key ID: 0x456548B4 PGP Key Fingerprint: 29D5 91BB 8748 7CC9 650F 31FE 6888 0C2A 4565 48B4 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFBU/sgaIgMKkVlSLQRAktDAKCYPHRgln7bJS+HnfyFJvw0+fF+HgCaA4Pj z/S+j8DLf0JXaGPK1BFp5cQ= =ATmt -----END PGP SIGNATURE-----
