Add a Javacript input to customize the backend

octobercms / october

Self-hosted CMS platform based on the Laravel PHP Framework.

https://octobercms.com/

Other

11.01k stars 2.21k forks source link

Add a Javacript input to customize the backend #3196

Closed pvullioud closed 6 years ago

pvullioud commented 6 years ago

Expected behavior

Actual behavior

We can inject CSS in the backend template but not Javascript This could be useful to implement tracking code and third party integration.

I can implement it if you agree with the proposal

LukeTowers commented 6 years ago

I'm not sure I like adding Javascript to be something easily done. You can always add JS with a custom plugin, it seems a bit dangerous to allow anyone with permissions to manage the backend branding to insert arbitrary JS though.

pvullioud commented 6 years ago

You can also break the backend with custom css :) It make sens to do an external plugin as a start. You can close the issue

LukeTowers commented 6 years ago

Break the backend, yes. Enable hidden XSS attacks by malicious backend users? Not quite :)