SWAT Redesign for Testing

Deryck Hodge deryck at samba.org
Tue Apr 19 17:18:05 GMT 2005 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Christopher R. Hertel wrote:
| On Tue, Apr 19, 2005 at 10:41:00AM +1000, c.maxwell at a-r-m.com.au wrote:
| :
|
|>I've noticed the 'Current view is Basic/Advanced' bit and then the
|>redundant buttons below. You could use the onClick() event of the radio
|>boxes to do the same thing.
|
|
| SWAT must work for security-paranoids like me who turn off scripting and
| suchlike.  If the page relies on Javascript, it won't work.
|

I guess this is a good time to explain my Javascript philosophy and how
Javascript is working in the SWAT that's in trunk.

I have used Javascript fairly extensively in the new SWAT redesign.  My
reasoning for this, is that it allows GUI customizations based on user
preferences, choices, etc. without having GUI features coded in the SWAT
binary.  There are obvious advantages here, but my ultimate reasoning
was that it would be nice to move toward a templated SWAT eventually.
This way SWAT (the binary) would only handle data and template
processing and all GUI features would be left to XHTML, CSS,
Javascript... in the HTML template itself.

I realize, though, that sometimes people don't choose to enable
Javascript.  I don't believe security fears are founded on much today --
all current browsers (back to at least '98-99) run Javascript in a
sandbox and only make certain browser elements available to scripts via
the DOM, Javascript has no file I/O capabilities, etc -- however, I
respect people's right to use a browser as they see fit.  So I make sure
that all necessary functionality still works if Javascript is not enabled.

So, while I don't worry about the security of Javascript, I respect a
user's right to use a browser as they see fit.  I wouldn't use an
onclick to submit such an important request because without Javascript,
the user would have no way to select the additional parameters.  I do
think that something along the lines of

|   Current view is <B>basic</B>.  Switch to [Advanced]
|

is acceptable, whether [Advanced] is a button or a link or whatever.

I don't, however, have a problem with the Javascript-enabled version of
SWAT having more advanced functionality.  For example, the help menu is
much more attractive and functional in a Javascript-enabled browser.  My
assumption is that if you're regularly turning off Javascript, you're
used to limited/different functionality.

At least, this is the logic I'm following, which seems reasonable to me.

Cheers,
deryck

| PS.  Deryck:  would you be willing to remove the target="opennew" tags
|      from the links on your Screenshot Tour page?  Thanks...
|
PSS.  Sure. :-)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFCZT1N4glRK0DaE8gRAkIgAJ9F+kv/Jex5BF26K3gq55xVfb/w9QCgnKlJ
i07LGYacMvb+7yMtWhKYil4=
=WS/k
-----END PGP SIGNATURE-----

More information about the samba-technical mailing list