Skip to content

nexedi / renderjs

Go to a project
Toggle navigation
Toggle navigation pinning
Merge Request !1 opened by

prevent loading render.js and rsvp.js twice from different url

@romain /cc @cedric.leninivin

Patch for spreadsheet gadget works in classic erp5 standard ui too and for @jerome gadget works in renderjs_ui as well as in erp5 standard ui.

https://lab.nexedi.com/bk/erp5/blob/master/bt5/erp5_graph_editor/SkinTemplateItem/portal_skins/erp5_graph_editor/dream_graph_editor/jsplumb/index.html.xml#L32

Edited
Request to merge bk:master into master

Closed

The changes were not merged into master.

  • @romain
    commented
    Owner

    URL are meaningless and only describe location of a ressource.

    It is possible to host renderjs in a server with a completely different kind of URL (shacache for example) and this patch will not prevent conflict to happen.

    For now, I consider the application developper should be responsible to prevent such issue. RenderJS can not alone prevent it currently.

    One easy way is to embed the "uncontrolled" into an iframe sandbox. This will prevent any conflict.

    A cleaner but more difficult solution would be to start using SRI and handle it also in renderJS. But I'm afraid of updating all gadget HTML when renderJS is updated. We could start using ERP5 template functionnality to calculate the SHA dynamically.

    In short, I reject the merge request.

  • @romain

    Status changed to closed

    Status changed to closed

    Toggle commit list
  • @bk

    mentioned in commit erp5@b1e8b649

    mentioned in commit erp5@b1e8b649

    Toggle commit list
Styling with Markdown is supported
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备14008524号