ivaldi / brimir

Email helpdesk built using Ruby on Rails and Zurb Foundation
http://getbrimir.com
GNU Affero General Public License v3.0
1.38k stars 299 forks

Support for custom CSS/JS by app setting or tenant #446

Closed svoop closed 5 years ago

svoop commented 5 years ago

Until now, it was only possible to configure a custom CSS on the tenant.

For some customizing (e.g. renaming submit button text on standalone new ticket view), custom JS is necessary. However, custom JS may open the door to malicious JS injection after getting illegitimate access to any agent's account. Time for some extra security.

There are four new application settings now:

enable_custom_stylesheet (default: true) Main switch for custom stylesheets.

enable_custom_javascript (default: false) Main switch for custom javascript.

custom_stylesheet_url (default: nil) Overrides the URL set on the tenant. This URL will be shown on the settings form as a disabled input.

custom_javascript_url (default: nil) Overrides the URL set on the tenant. This URL will be shown on the settings form as a disabled input.

coveralls commented 5 years ago

Coverage Status

Coverage increased (+0.3%) to 90.53% when pulling aab8f0086dd6a2e122163f9e697c268915433da7 on svoop:custom_js into 7d3bb54880300f5dbece3df368dc9781e6102810 on ivaldi:master.

coveralls commented 5 years ago

Coverage Status

Coverage increased (+0.3%) to 90.53% when pulling 8f1b0f9050af38729cf3562774a5e4db884e386a on svoop:custom_js into 7d3bb54880300f5dbece3df368dc9781e6102810 on ivaldi:master.

svoop commented 5 years ago

Many thanks