search

anbuashokcs / jforum2

Automatically exported from code.google.com/p/jforum2
Other
0 stars 0 forks source link

JQuery referenced from Internet site #24

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago 
What steps will reproduce the problem?
1. Use JForum in a protected network without Internet access

What is the expected output? What do you see instead?
JForum mainpage, After a timeout, the main page is shown anyhow but without 
JQuery stuff working.

What version of the product are you using? On what operating system?
JForum 2.3.3 / Windows 2008 Server

Please provide any additional information below.
In the html pages, JQuery is reference like this:

<script type="text/javascript" 
src="http://code.jquery.com/jquery-1.7.1.min.js"></script>

It should be referenced like this as JQuery is part of the deployment already 
and is located in the javascript directory>:

<script type="text/javascript" 
src="${contextPath}/javascript/jquery-1.7.1.min.js"></script>

After manually changing the related html pages in the template directory, 
JForum was working well again.

Original issue reported on code.google.com by kusi.gue...@gmail.com on 23 Feb 2012 at 9:32

GoogleCodeExporter commented 9 years ago 
This is an advisedly result. I referred to some articles like this guide - 
"Best Practices for Speeding Up Your Web 
Site"(http://developer.yahoo.com/performance/rules.html) and decided to make 
jQuery referenced from the CDN for visitor's browser can cache it. And for 
those who install JForum in an protected network without Internet access, I 
leave the jQuery file in the javascript directory and they can make change to 
the template files themselves just as what you did. I think this won't be too 
hard for them to do this.

The following is those files needed for modification:
/templates/default/admin/config_list.htm
/templates/default/admin/search_stats_list.htm
/templates/default/forum_list.htm
/templates/default/post_form.htm
/templates/default/post_show.htm
/templates/default/topic_review.htm

Original comment by andow...@gmail.com on 26 Feb 2012 at 4:40

GoogleCodeExporter commented 9 years ago 
Hi, as this library isn't really big in size, this isn't a performance issue 
but a serious security issue. Due to cross domain access, certain browsers (eg. 
Safari) and others with restricted security setup (as it is usual in many 
companies) don't allow such stuff as is  a serious backdoor (including a 
library from a foreign server). Due to this I strongly recommend to make the 
local loading the default or at least to make it configurable at one certain 
place.

Original comment by kusi.gue...@gmail.com on 26 Feb 2012 at 5:07