Hide Forgot
Description of problem: If a project creator adds a link in the Source Download/Checkout field, this link is shown in plain text on the project page Version-Release number of selected component (if applicable): 3.x How reproducible: Easy always Steps to Reproduce: 1. Sign in, go to Projects->Create Project 2. Enter a valid id and name 3. Enter some url into the Source Download/Checkout field 4. Press Save Actual results: The project page shows this url as text Expected results: The url should be shown as a link (preferably that opens in a new tab)
This is intentional. These locators are intended to provide machine-readable content and are likely not to work as a link in a browser. e.g. git:zanata/zanata-server.git
Was: Project source url is not a link Text Select -> Copy is a pain, a nice button ala github's copy to clipboard wouldn't displease me.
That would require a bit of Flash to have access to the clipboard. Last time I checked there wasn't a Javascript way of doing it for all browsers (but that information may be outdated). Anyway, yes that would be a nice-to-have.
This area will be redesigned soon (hopefully next release), but we could at least put the source url in a readonly text field that can be selected with one click. BTW, The field names really should be clearer when entering these, it's way too much cognitive load to work out what exactly the fields are for.
(In reply to Carlos Munoz from comment #3) > That would require a bit of Flash to have access to the clipboard. Last time > I checked there wasn't a Javascript way of doing it for all browsers (but > that information may be outdated). Anyway, yes that would be a nice-to-have. Your information is up-to-date, there is a W3C working draft for a JavaScript clipboard API, but that's as far as it has gone at the moment: http://www.w3.org/TR/clipboard-apis/
Security requires some consideration since we are taking arbitrary text entered by users that is presented for use on the command line (e.g. to be pasted after "git clone " and immediately run. There is potential for malicious commands to be inserted after a legitimate or apparently-legitimate url that could be accidentally run by a user not paying sufficient attention. e.g. if the field contained: "git:zanata/zanata-server.git ; rm -rf /" a user's hard drive could be cleared if they are not paying attention. Ideally we would restrict this field to containing known source control URL patterns. At very least we should ensure that all text in this field is always visible so that users cannot copy text that without having an opportunity to see what it is.
That means max length is required. What will that be?
Wait a minute, let's not go too deep into that rabbit hole! If a developer is pasting random text into a prompt (BTW, "rm -rf /" won't work for a normal user), and then hitting enter without reading the command line, that's not Zanata's fault! How about we just make sure the text can't contain a newline character? That way, pasting the string won't initiate any action. Anything more than that is chrome-plating. I don't think we should check against known source control URLs at this stage, or we will be fiddling with it forever, adding new source control system and generally wasting time. Most developers are just going to use the clickable link anyway. The source control URL is mainly there for us, for possible use in future.
This appears to have been fixed as part of a UI update.