Red Hat Bugzilla – Bug 1027035
RFE: Copy to Clipboard button for project source download
Last modified: 2015-08-06 01:55:19 EDT
Description of problem:
If a project creator adds a link in the Source Download/Checkout field, this link is shown in plain text on the project page
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Sign in, go to Projects->Create Project
2. Enter a valid id and name
3. Enter some url into the Source Download/Checkout field
4. Press Save
The project page shows this url as text
The url should be shown as a link (preferably that opens in a new tab)
This is intentional. These locators are intended to provide machine-readable content and are likely not to work as a link in a browser. e.g. email@example.com:zanata/zanata-server.git
Was: Project source url is not a link
Text Select -> Copy is a pain; a nice button à la GitHub's copy to clipboard wouldn't displease me.
This area will be redesigned soon (hopefully next release), but we could at least put the source url in a readonly text field that can be selected with one click.
BTW, the field names really should be clearer when entering these; it's way too much cognitive load to work out what exactly the fields are for.
(In reply to Carlos Munoz from comment #3)
> That would require a bit of Flash to have access to the clipboard. Last time
> that information may be outdated). Anyway, yes that would be a nice-to-have.
Security requires some consideration since we are taking arbitrary text entered by users that is presented for use on the command line (e.g. to be pasted after "git clone " and immediately run). There is potential for malicious commands to be inserted after a legitimate or apparently-legitimate url that could be accidentally run by a user not paying sufficient attention.
e.g. if the field contained: "firstname.lastname@example.org:zanata/zanata-server.git ; rm -rf /" a user's hard drive could be cleared if they are not paying attention.
Ideally we would restrict this field to containing known source control URL patterns. At the very least we should ensure that all text in this field is always visible so that users cannot copy text without having an opportunity to see what it is.
That means max length is required. What will that be?
Wait a minute, let's not go too deep into that rabbit hole!
If a developer is pasting random text into a prompt (BTW, "rm -rf /" won't work for a normal user), and then hitting enter without reading the command line, that's not Zanata's fault!
How about we just make sure the text can't contain a newline character? That way, pasting the string won't initiate any action.
Anything more than that is chrome-plating. I don't think we should check against known source control URLs at this stage, or we will be fiddling with it forever, adding new source control systems and generally wasting time.
Most developers are just going to use the clickable link anyway. The source control URL is mainly there for us, for possible use in future.
This appears to have been fixed as part of a UI update.
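The two levels of checking discussed in the comments above (no newline, versus an allowlist of locator shapes plus a length limit), sketched as an added example that is not Zanata's code and not part of the original thread. `MAX_LEN`, the two patterns and all function names are assumptions made for illustration; the thread never settles on a length or a pattern list.

```python
import re
import unicodedata

MAX_LEN = 255  # assumed; the thread asks for a limit but never settles on one

# Assumed allowlist: URL-style and scp-style locators. The character classes
# admit no whitespace and no shell metacharacters.
URL_FORM = re.compile(
    r"(?:https?|git|ssh|svn|svn\+ssh)://"
    r"(?:[A-Za-z0-9._-]+@)?[A-Za-z0-9.-]+(?::\d{1,5})?"
    r"(?:/[A-Za-z0-9._~+/-]*)?"
)
SCP_FORM = re.compile(r"[A-Za-z0-9._-]+@[A-Za-z0-9.-]+:[A-Za-z0-9._~+/-]+")


def hidden_chars(value):
    """Characters that end a pasted line or are not visible when displayed."""
    return [c for c in value
            if unicodedata.category(c)[0] == "C"         # control, format (bidi), unassigned
            or unicodedata.category(c) in ("Zl", "Zp")]  # Unicode line/paragraph separators


def check_locator(value, strict=True):
    """Return a list of problems; an empty list means the value is accepted.

    strict=False is the minimal check (nothing that ends the line or hides text);
    strict=True additionally requires a full match against the allowlist.
    """
    problems = []
    if len(value) > MAX_LEN:
        problems.append("too long")
    if hidden_chars(value):
        problems.append("control or invisible character")
    if strict and not (URL_FORM.fullmatch(value) or SCP_FORM.fullmatch(value)):
        problems.append("not a recognised locator")
    return problems


# PAGE_SAMPLE is the string quoted in the thread; the rest are constructed inputs.
PAGE_SAMPLE = "firstname.lastname@example.org:zanata/zanata-server.git ; rm -rf /"
SAMPLES = [
    "firstname.lastname@example.org:zanata/zanata-server.git",
    PAGE_SAMPLE,
    "https://example.org/repo.git\n",
    "https://example.org/\u202egit.oper",  # bidi override alters what is displayed
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(repr(s), check_locator(s, strict=False), check_locator(s))
```

The string quoted in the thread passes the minimal check, since it contains no newline, and is rejected only by the allowlist.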