View Issue Details

ID: 0012245
Project: mantisbt
Category: javascript
View Status: public
Last Update: 2015-12-06 06:13
Reporter: dhx
Assigned To: dhx
Priority: normal
Severity: minor
Reproducibility: N/A
Status: closed
Resolution: fixed
Product Version: 1.2.15
Target Version: 1.3.0-beta.1
Fixed in Version: 1.3.0-beta.1
Summary: 0012245: Remove extended project browser feature
Description

The extended project browser feature consists of two combo boxes (one for the tier 1 projects and one for the tier 2 projects). Extensive JavaScript is used to link the two combo boxes together so that changing the tier 1 project refreshes the tier 2 project list.

This approach suffers from a number of issues:
1) It doesn't escape potentially harmful values before inserting them within the JavaScript.
2) It uses inline JavaScript which we're avoiding due to 0011826.
3) It doesn't scale beyond 2 levels of projects (project and sub-projects).
4) When enabled there is no fallback mechanism for JavaScript-disabled browsers.

Therefore this feature should be deprecated, removed and replaced in the future with a superior and more modern alternative.

Tags: No tags attached.
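
An added example, not MantisBT code and not part of the original report: it contrasts the pattern in items 1 and 2 (names concatenated into inline script) with markup that carries the sub-project list as HTML-escaped JSON in a data attribute for an external script to read. The project data, the data-subs attribute, the tier1/tier2 element ids and all function names are assumptions made for the illustration.

```javascript
// Added illustration, not MantisBT code. The project data is constructed.
const projects = [
  { id: 1, name: 'Core & <Tools>',
    subs: [{ id: 11, name: 'API "v2"' }, { id: 12, name: 'Docs</script>' }] },
];

// Pattern from item 1: names concatenated into inline script source unescaped.
function unsafeInlineScript(list) {
  const rows = list.map(p =>
    `subs[${p.id}] = [${p.subs.map(s => `["${s.id}", "${s.name}"]`).join(', ')}];`);
  return `<script>var subs = {};\n${rows.join('\n')}\n</script>`;
}

// Escape untrusted text for HTML element content and quoted attributes.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, c => map[c]);
}

// Hardened markup: no inline script. Sub-project data travels as escaped JSON
// in a (hypothetical) data-subs attribute that an external script reads.
function safeMarkup(list) {
  const options = list.map(p =>
    `<option value="${escapeHtml(p.id)}" data-subs="${escapeHtml(JSON.stringify(p.subs))}">` +
    `${escapeHtml(p.name)}</option>`);
  return `<select id="tier1">\n${options.join('\n')}\n</select>\n<select id="tier2"></select>`;
}

// External-script half: rebuild tier 2 through DOM properties, never innerHTML,
// so a project name is always treated as text.
function linkSelects(tier1, tier2) {
  const refresh = () => {
    const subs = JSON.parse(tier1.selectedOptions[0].dataset.subs);
    tier2.replaceChildren(...subs.map(s => new Option(s.name, String(s.id))));
  };
  tier1.addEventListener('change', refresh);
  refresh();
}

// Runs only in a browser, when loaded as an external script after the markup.
if (typeof document !== 'undefined') {
  linkSelects(document.getElementById('tier1'), document.getElementById('tier2'));
}
```

In the unsafe output the quote in 'API "v2"' ends the string literal early and 'Docs</script>' closes the script element; in the hardened markup both names survive only as escaped text.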

Relationships

related to 0011826 (closed, dhx): Remove all inline JavaScript from MantisBT (use external scripts instead)
related to 0015721 (closed, grangeway): Functionality to consider porting to master-2.0.x
related to 0016900 (confirmed): Document breaking changes from the 1.2.x stream
related to 0020349 (closed, dregad): Projects list. Two levels possible ?

Activities

grangeway

2013-04-05 17:57

reporter   ~0036499

Marking as 'acknowledged' not resolved/closed to track that change gets ported to master-2.0.x branch

Related Changesets

MantisBT: master 919cd8f0

2010-08-07 02:53

dhx


Issue 0012245: Remove extended project browser feature

The extended project browser feature consists of two combo boxes (one
for the tier 1 projects and one for the tier 2 projects). Extensive
JavaScript is used to link the two combo boxes together so that changing
the tier 1 project refreshes the tier 2 project list.

This approach suffers from a number of issues:
1) It doesn't escape potentially harmful values before inserting them
within the JavaScript.
2) It uses inline JavaScript which we're avoiding due to 0011826.
3) It doesn't scale beyond 2 levels of projects (project and
sub-projects).
4) When enabled there is no fallback mechanism for JavaScript-disabled
browsers.

Therefore this feature should be deprecated, removed and replaced in the
future with a superior and more modern alternative.
Affected Issues
0012245
mod - core/html_api.php
mod - docbook/adminguide/en/configuration.sgml
mod - config_defaults_inc.php
mod - core/print_api.php