Simple Machines Blogs > Developers' Blog

jQuery FTW!

<< < (6/8) > >>

bloc:

--- Quote from: butchs on March 03, 2012, 06:54:31 AM ---The biggest risk of JQuery is it's popularity.  The exploit effort always increases with popularity.

There are many plugins for JQuery. Some of them are well written and other may not be or are not as complete as they could be...  Good People tend to trust plugins where as bad People like to exploit them.  Maybe we should have SMF approved plugins.

That being said, I do not mind JQuery being added to SMF but I do hesitate with SMF depending on JQuery as it's core to function.  I like to see the heart of the JS for SMF being provided by SMF.


--- End quote ---

Theres always Mootools, which is less used, but equally powerful. 8)

But seriously, if SMF uses a javascript framework  doesn't automatically make it vulnerable if there are plugins for it that ARE unsafe. That plugin still have to be added somehow, most likely by a designer etc. and it would not be included in a pure SMF installasion. Its same today really: if a theme use a unsafe javascript right now, its risking SMF in just the same way..but you can't blame SMF for it.

The fact that JQuery is popular makes it more targeted for people finding vulnerabilities, true..but it also have more people making it SAFE. Don't forget that.

butchs:
It seems to me that we really have no choice since the decision was made some time ago.   O:)

So, now that SMF relies on 3rd part software for it's Javascript, I assume SMF will release a "security" update to coincide with a JQuery update?   :-X

There you go...  have SMF check for jquery updates and download them automatically?   :o  Here is a thought, why not make jquery optional by providing hooks.  If it is installed then the "additional features" are be enabled.  Otherwise, plan jane SMF JS.

Antechinus:
The code allows for calling the latest from the Goggle CDN, or from using a local jQuery version of your choice.

Fustrate:

--- Quote from: butchs on April 15, 2012, 06:57:23 PM ---It seems to me that we really have no choice since the decision was made some time ago.   O:)

So, now that SMF relies on 3rd part software for it's Javascript, I assume SMF will release a "security" update to coincide with a JQuery update?   :-X
--- End quote ---

I don't see why we'd have to - you can just update the jQuery version you're serving in the admin area. Or at least you should be able to - I'll poke Spuds about it.


--- Quote ---There you go...  have SMF check for jquery updates and download them automatically?   :o  Here is a thought, why not make jquery optional by providing hooks.  If it is installed then the "additional features" are be enabled.  Otherwise, plan jane SMF JS.
--- End quote ---

That would mean writing the javascript twice, which is ridiculous. If you don't want to use jQuery, you'll end up with the same experience as someone who disables javascript, pretty much.

butchs:

--- Quote from: Fustrate on April 15, 2012, 09:47:05 PM ---I don't see why we'd have to - you can just update the jQuery version you're serving in the admin area. Or at least you should be able to - I'll poke Spuds about it.

--- End quote ---

This is SMF.  Most admins will not be able to do that.  I do not understand the logic to include 3rd party software that will be minimally supported.

Humm...

--- Quote from: CodeIgniter User Guide Version 2.1.0 ---CodeIgniter provides a library to help you with certain common functions that you may want to use with Javascript. Please note that CodeIgniter does not require the jQuery library to run, and that any scripting library will work equally well. The jQuery library is simply presented as a convenience if you choose to use it.
--- End quote ---

I always was under the impression that if an admin wanted to add a 3rd party software it was their responsibility.  Take coppermine for example. I always have to check for the latest update then apply it.  Of course, the programmers do not make it easy.  Their solution is a complete reinstall.  Every now and then (before FF)  I miss an update by a few months and a bad guy will take advantage of it.  Do not get me wrong, I am not dead set against it but, it just seems like another piece of software I have to keep an eye on and maintain.  Bla!  I am lazy at heart...  :o


--- Quote from: Fustrate on April 15, 2012, 09:47:05 PM ---That would mean writing the javascript twice, which is ridiculous. If you don't want to use jQuery, you'll end up with the same experience as someone who disables javascript, pretty much.

--- End quote ---

Not interested in disabling js.  More interested in what to do with all those sprinkles.   :laugh:

My question does SMF really need all the JS that is in it? It seems to be sprinkled all over the banana split.  Sometimes I wish I could have my sprinkles separate... and eat them when I feel like it.  What is going to be done about all those sprinkles?

The sprinkles are all over the place.  Add jQuery is like taking all of them and putting them in once big sprinkle storage container.  Once this is done you need to figgure out an interface.  I thought that things like this were the reason for the development of integration hooks in the first place.  Is this really less work?

Navigation

[0] Message Index

[#] Next page

[*] Previous page

Go to full version