Bug 1027035 - RFE: Copy to Clipboard button for project source download
RFE: Copy to Clipboard button for project source download
Status: CLOSED CURRENTRELEASE
Product: Zanata
Classification: Community
Component: Usability (Show other bugs)
development
Unspecified Unspecified
unspecified Severity low
: ---
: ---
Assigned To: Isaac Rooskov
Zanata-QA Mailling List
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2013-11-05 18:41 EST by Damian Jansen
Modified: 2015-08-06 01:55 EDT (History)
7 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2015-03-25 01:58:14 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Damian Jansen 2013-11-05 18:41:43 EST
Description of problem:
If a project creator adds a link in the Source Download/Checkout field, this link is shown in plain text on the project page

Version-Release number of selected component (if applicable):
3.x

How reproducible:
Easy always

Steps to Reproduce:
1. Sign in, go to Projects->Create Project
2. Enter a valid id and name
3. Enter some url into the Source Download/Checkout field
4. Press Save

Actual results:
The project page shows this url as text

Expected results:
The url should be shown as a link (preferably that opens in a new tab)
Comment 1 David Mason 2013-11-05 18:56:00 EST
This is intentional. These locators are intended to provide machine-readable content and are likely not to work as a link in a browser. e.g. git@github.com:zanata/zanata-server.git
Comment 2 Damian Jansen 2013-11-05 19:01:28 EST
Was: Project source url is not a link

Text Select -> Copy is a pain, a nice button ala github's copy to clipboard wouldn't displease me.
Comment 3 Carlos Munoz 2013-11-05 19:10:04 EST
That would require a bit of Flash to have access to the clipboard. Last time I checked there wasn't a Javascript way of doing it for all browsers (but that information may be outdated). Anyway, yes that would be a nice-to-have.
Comment 4 Luke Brooker 2013-11-05 19:15:05 EST
This area will be redesigned soon (hopefully next release), but we could at least put the source url in a readonly text field that can be selected with one click.

BTW, The field names really should be clearer when entering these, it's way too much cognitive load to work out what exactly the fields are for.
Comment 5 David Mason 2013-11-05 19:25:47 EST
(In reply to Carlos Munoz from comment #3)
> That would require a bit of Flash to have access to the clipboard. Last time
> I checked there wasn't a Javascript way of doing it for all browsers (but
> that information may be outdated). Anyway, yes that would be a nice-to-have.

Your information is up-to-date, there is a W3C working draft for a JavaScript clipboard API, but that's as far as it has gone at the moment: http://www.w3.org/TR/clipboard-apis/
Comment 6 David Mason 2013-11-05 19:33:01 EST
Security requires some consideration since we are taking arbitrary text entered by users that is presented for use on the command line (e.g. to be pasted after "git clone " and immediately run. There is potential for malicious commands to be inserted after a legitimate or apparently-legitimate url that could be accidentally run by a user not paying sufficient attention.

e.g. if the field contained: "git@github.com:zanata/zanata-server.git ; rm -rf /" a user's hard drive could be cleared if they are not paying attention.

Ideally we would restrict this field to containing known source control URL patterns. At very least we should ensure that all text in this field is always visible so that users cannot copy text that without having an opportunity to see what it is.
Comment 7 Ding-Yi Chen 2013-11-05 19:55:41 EST
That means max length is required. What will that be?
Comment 8 Sean Flanigan 2013-11-05 23:42:44 EST
Wait a minute, let's not go too deep into that rabbit hole!

If a developer is pasting random text into a prompt (BTW, "rm -rf /" won't work for a normal user), and then hitting enter without reading the command line, that's not Zanata's fault!

How about we just make sure the text can't contain a newline character?  That way, pasting the string won't initiate any action.

Anything more than that is chrome-plating.  I don't think we should check against known source control URLs at this stage, or we will be fiddling with it forever, adding new source control system and generally wasting time.

Most developers are just going to use the clickable link anyway.  The source control URL is mainly there for us, for possible use in future.
Comment 9 David Mason 2015-03-25 01:58:14 EDT
This appears to have been fixed as part of a UI update.

Note You need to log in before you can comment on or make changes to this bug.