SWAT Redesign for Testing

Deryck Hodge deryck at samba.org
Tue Apr 19 17:18:05 GMT 2005

Hash: SHA1

Christopher R. Hertel wrote:
| On Tue, Apr 19, 2005 at 10:41:00AM +1000, c.maxwell at a-r-m.com.au wrote:
| :
|>I've noticed the 'Current view is Basic/Advanced' bit and then the
|>redundant buttons below. You could use the onClick() event of the radio
|>boxes to do the same thing.
| SWAT must work for security-paranoids like me who turn off scripting and
| suchlike.  If the page relies on Javascript, it won't work.

I guess this is a good time to explain my Javascript philosophy and how
Javascript is working in the SWAT that's in trunk.

I have used Javascript fairly extensively in the new SWAT redesign.  My
reasoning for this, is that it allows GUI customizations based on user
preferences, choices, etc. without having GUI features coded in the SWAT
binary.  There are obvious advantages here, but my ultimate reasoning
was that it would be nice to move toward a templated SWAT eventually.
This way SWAT (the binary) would only handle data and template
processing and all GUI features would be left to XHTML, CSS,
Javascript... in the HTML template itself.

I realize, though, that sometimes people don't choose to enable
Javascript.  I don't believe security fears are founded on much today --
all current browsers (back to at least '98-99) run Javascript in a
sandbox and only make certain browser elements available to scripts via
the DOM, Javascript has no file I/O capabilities, etc -- however, I
respect people's right to use a browser as they see fit.  So I make sure
that all necessary functionality still works if Javascript is not enabled.

So, while I don't worry about the security of Javascript, I respect a
user's right to use a browser as they see fit.  I wouldn't use an
onclick to submit such an important request because without Javascript,
the user would have no way to select the additional parameters.  I do
think that something along the lines of

|   Current view is <B>basic</B>.  Switch to [Advanced]

is acceptable, whether [Advanced] is a button or a link or whatever.

I don't, however, have a problem with the Javascript-enabled version of
SWAT having more advanced functionality.  For example, the help menu is
much more attractive and functional in a Javascript-enabled browser.  My
assumption is that if you're regularly turning off Javascript, you're
used to limited/different functionality.

At least, this is the logic I'm following, which seems reasonable to me.


| PS.  Deryck:  would you be willing to remove the target="opennew" tags
|      from the links on your Screenshot Tour page?  Thanks...
PSS.  Sure. :-)
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org


More information about the samba-technical mailing list