Closed stpaultim closed 3 months ago
olafgrabienski
commented
1 year ago I'm also interested in the option to add JavaScript easily via the user interface. However, for upgrades from Drupal 7 it's probably more preferable not to merge CSS Injector and JS Injector (not ported so far).
I also think, the need for custom CSS on the one hand and for custom JS on the other hand are different enough use cases. While I use of custom CSS all the time, that's not the case with JS.
kreynen
commented
1 year ago When it comes to adding js snippets, GTM is our recommendation. I personally don't like the fact that once GTM is enabled on a site, users with permissions in the GTM service can add any js "on top" of a site. In our environment, the marketing teams who are adding tracking scripts or responding to other marketing requests are often different people than the web designers/developers managing the site design/css. GTM offers its own moderation/review process. It bothers me that we pen-test our install profile and sites before launch, but we blindly trust the javascript snippets added to them after launch.
I've had to learned to accept the security risk any method of injected js brings.
That said, what happened at UCSF with https://www.hipaajournal.com/meta-facing-further-class-action-lawsuit-over-use-of-meta-pixel-code-on-hospital-websites/ should be a wake-up call that wherever js is added, it needs to be reviewed by people who actually understand what it does. Because of the changes with Google Analytics 4, it's much harder to implement goal and event tracking without GTM. If you are going to need GTM, you might as well focus your resources and reviewing the js that ends up on a site there.
klonos
commented
3 months ago Thanks for bringing this up @stpaultim 🙏🏼 ...I believe that this should either be addressed by porting JS Injector, or by combining the features in a common Asset Injector module. Adding JS capabilities to a module with "CSS Injector" in its name would be confusing. Even more since these are already different modules in D7. We should definitely port JS Injector regardless, as it might be needed for D7 to Backdrop upgrades.
As such, I will go ahead and close this issue here.
I'm just checking to see if there would be any interest in adding this feature to this module or if it would be better for me to tackle this is a seperate module. This came up, because I was looking at porting this module:
https://www.drupal.org/project/tracking_code
But, I see that for Drupal 8/9 they have combine this Drupal 7 functionality into the CSS injector module. Would it make sense to do the same for Backdrop or should I just focus my attention on the Drupal 7 module?
UPDATE: I'm looking closer and it seems that they did not add the JS functionality to CSS injector, rather they combined two modules into one. https://www.drupal.org/project/asset_injector
I think I'll focus on the other module, but if there is interest, we could talk about merging the two modules into one. I think that sometimes we have too many very narrowly targeted modules and would benefit from having more modules that do more than one very narrow task.