Skip to content

nexedi / renderjs

Go to a project
Merge request !1 opened by

prevent loading render.js and rsvp.js twice from different url

@romain /cc @cedric.leninivin

Patch for spreadsheet gadget works in classic erp5 standard ui too and for @jerome gadget works in renderjs_ui as well as in erp5 standard ui.

https://lab.nexedi.com/bk/erp5/blob/master/bt5/erp5_graph_editor/SkinTemplateItem/portal_skins/erp5_graph_editor/dream_graph_editor/jsplumb/index.html.xml#L32

{{ resolvedDiscussionCount }}/{{ discussionCount }} {{ resolvedCountText }} resolved
  • Romain Courteaud @romain commented
    Owner

    URL are meaningless and only describe location of a ressource.

    It is possible to host renderjs in a server with a completely different kind of URL (shacache for example) and this patch will not prevent conflict to happen.

    For now, I consider the application developper should be responsible to prevent such issue. RenderJS can not alone prevent it currently.

    One easy way is to embed the "uncontrolled" into an iframe sandbox. This will prevent any conflict.

    A cleaner but more difficult solution would be to start using SRI and handle it also in renderJS. But I'm afraid of updating all gadget HTML when renderJS is updated. We could start using ERP5 template functionnality to calculate the SHA dynamically.

    In short, I reject the merge request.

  • Romain Courteaud @romain

    Status changed to closed

    Status changed to closed

    Toggle commit list
  • Boris Kocherov @bk

    mentioned in commit erp5@b1e8b649

    mentioned in commit erp5@b1e8b649

    Toggle commit list
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or sign in to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备14008524号