To prevent possible accidental denial of service incidents, we should limit how many times an alert can be presented within one instance of a template. Perhaps 3-5 to allow them to be used for debugging purposes?
There's no example here. I was thinking that sometimes a JS alert() call might be handy when debugging templates, but then it occurred to me that they could be used to cause some havoc, and that perhaps a limit should be enforced. This may or may not be a big deal (or even an issue at all).
Doesn't a user need special permissions to edit templates? If that's the case, I would say it's safe to leave things as-is for now. If people abuse alert(), we could look at a blacklist or something similar.
But the thing is... I don't think there's a way to call alert from a kumascript template - you can't insert <script> into a page, anyway.
Yep, you're right.
Status: NEW → RESOLVED
Last Resolved: 6 years ago
Resolution: --- → INVALID
Component: Website → Landing pages
Product: Mozilla Developer Network → Mozilla Developer Network
You need to log in before you can comment on or make changes to this bug.