View Issue Details

IDProjectCategoryView StatusLast Update
0012245mantisbtjavascriptpublic2015-12-06 06:13
ReporterdhxAssigned Todhx 
PrioritynormalSeverityminorReproducibilityN/A
Status closedResolutionfixed 
Product Version1.2.15 
Target Version1.3.0-beta.1Fixed in Version1.3.0-beta.1 
Summary0012245: Remove extended project browser feature
Description

The extended project browser feature consists of two combo boxes (one for the tier 1 projects and one for the tier 2 projects). Extensive JavaScript is used to link the two combo boxes together so that changing the tier 1 project refreshes the tier 2 project list.

This approach suffers from a number of issues:
1) It doesn't escape potentially harmful values before inserting them within the JavaScript.
2) It uses inline JavaScript which we're avoiding due to 0011826.
3) It doesn't scale beyond 2 levels of projects (project and sub-projects).
4) When enabled there is no fallback mechanism for JavaScript-disabled browsers.

Therefore this feature should be deprecated, removed and replaced in the future with a superior and more modern alternative.

TagsNo tags attached.

Relationships

related to 0011826 closeddhx Remove all inline JavaScript from MantisBT (use external scripts instead) 
related to 0015721 closedgrangeway Functionality to consider porting to master-2.0.x 
related to 0016900 confirmed Document breaking changes from the 1.2.x stream 
related to 0020349 closeddregad Projects list. Two levels possible ? 

Activities

grangeway

grangeway

2013-04-05 17:57

reporter   ~0036499

Marking as 'acknowledged' not resolved/closed to track that change gets ported to master-2.0.x branch

Related Changesets

MantisBT: master 919cd8f0

2010-08-07 06:53:14

dhx

Details Diff
Issue 0012245: Remove extended project browser feature

The extended project browser feature consists of two combo boxes (one
for the tier 1 projects and one for the tier 2 projects). Extensive
JavaScript is used to link the two combo boxes together so that changing
the tier 1 project refreshes the tier 2 project list.

This approach suffers from a number of issues:
1) It doesn't escape potentially harmful values before inserting them
within the JavaScript.
2) It uses inline JavaScript which we're avoiding due to 0011826.
3) It doesn't scale beyond 2 levels of projects (project and
sub-projects).
4) When enabled there is no fallback mechanism for JavaScript-disabled
browsers.

Therefore this feature should be deprecated, removed and replaced in the
future with a superior and more modern alternative.
mod - core/html_api.php Diff File
mod - docbook/adminguide/en/configuration.sgml Diff File
mod - config_defaults_inc.php Diff File
mod - core/print_api.php Diff File

Issue History

Date Modified Username Field Change
2010-08-07 02:53 dhx New Issue
2010-08-07 02:53 dhx Status new => assigned
2010-08-07 02:53 dhx Assigned To => dhx
2010-08-07 02:54 dhx Relationship added related to 0011826
2010-08-07 02:54 dhx Changeset attached => MantisBT master 919cd8f0
2010-08-07 02:54 dhx Status assigned => resolved
2010-08-07 02:54 dhx Fixed in Version => 1.3.0-beta.1
2010-08-07 02:54 dhx Resolution open => fixed
2013-04-05 17:57 grangeway Status resolved => acknowledged
2013-04-05 17:57 grangeway Note Added: 0036499
2013-04-05 18:04 grangeway Relationship added related to 0015721
2013-04-06 03:44 dregad Status acknowledged => resolved
2013-04-06 07:20 grangeway Status resolved => acknowledged
2013-04-06 09:26 dregad Tag Attached: 2.0.x check
2013-04-06 09:26 dregad Status acknowledged => resolved
2013-10-18 16:03 atrol Product Version 1.3.0-beta.1 => 1.2.15
2014-01-28 08:10 atrol Relationship added related to 0016900
2014-09-23 18:05 grangeway Tag Detached: 2.0.x check
2014-12-08 00:34 vboctor Status resolved => closed
2015-12-06 06:13 dregad Relationship added related to 0020349