Bug 1027035
Summary: | RFE: Copy to Clipboard button for project source download | ||
---|---|---|---|
Product: | [Retired] Zanata | Reporter: | Damian Jansen <djansen> |
Component: | Usability | Assignee: | Isaac Rooskov <irooskov> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Zanata-QA Mailling List <zanata-qa> |
Severity: | low | Docs Contact: | |
Priority: | unspecified | ||
Version: | development | CC: | camunoz, damason, dchen, lbrooker, sflaniga, yshao, zanata-bugs |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2015-03-25 05:58:14 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Damian Jansen
2013-11-05 23:41:43 UTC
This is intentional. These locators are intended to provide machine-readable content and are likely not to work as a link in a browser. e.g. git:zanata/zanata-server.git Was: Project source url is not a link Text Select -> Copy is a pain, a nice button ala github's copy to clipboard wouldn't displease me. That would require a bit of Flash to have access to the clipboard. Last time I checked there wasn't a Javascript way of doing it for all browsers (but that information may be outdated). Anyway, yes that would be a nice-to-have. This area will be redesigned soon (hopefully next release), but we could at least put the source url in a readonly text field that can be selected with one click. BTW, The field names really should be clearer when entering these, it's way too much cognitive load to work out what exactly the fields are for. (In reply to Carlos Munoz from comment #3) > That would require a bit of Flash to have access to the clipboard. Last time > I checked there wasn't a Javascript way of doing it for all browsers (but > that information may be outdated). Anyway, yes that would be a nice-to-have. Your information is up-to-date, there is a W3C working draft for a JavaScript clipboard API, but that's as far as it has gone at the moment: http://www.w3.org/TR/clipboard-apis/ Security requires some consideration since we are taking arbitrary text entered by users that is presented for use on the command line (e.g. to be pasted after "git clone " and immediately run. There is potential for malicious commands to be inserted after a legitimate or apparently-legitimate url that could be accidentally run by a user not paying sufficient attention. e.g. if the field contained: "git:zanata/zanata-server.git ; rm -rf /" a user's hard drive could be cleared if they are not paying attention. Ideally we would restrict this field to containing known source control URL patterns. At very least we should ensure that all text in this field is always visible so that users cannot copy text that without having an opportunity to see what it is. That means max length is required. What will that be? Wait a minute, let's not go too deep into that rabbit hole! If a developer is pasting random text into a prompt (BTW, "rm -rf /" won't work for a normal user), and then hitting enter without reading the command line, that's not Zanata's fault! How about we just make sure the text can't contain a newline character? That way, pasting the string won't initiate any action. Anything more than that is chrome-plating. I don't think we should check against known source control URLs at this stage, or we will be fiddling with it forever, adding new source control system and generally wasting time. Most developers are just going to use the clickable link anyway. The source control URL is mainly there for us, for possible use in future. This appears to have been fixed as part of a UI update. |