Kuma: KumaScript - Limit number of calls to alert() allowed per template instance

RESOLVED INVALID

Status

developer.mozilla.org
Wiki pages
RESOLVED INVALID
6 years ago
5 years ago

People

(Reporter: sheppy, Unassigned)

Tracking

Details

(Reporter)

Description

6 years ago
To prevent possible accidental denial of service incidents, we should limit how many times an alert can be presented within one instance of a template. Perhaps 3-5 to allow them to be used for debugging purposes?
Do you mean JavaScript alert()? Do you have an example? Don't quite understand the issue
(Reporter)

Comment 2

6 years ago
There's no example here. I was thinking that sometimes a JS alert() call might be handy when debugging templates, but then it occurred to me that they could be used to cause some havoc, and that perhaps a limit should be enforced. This may or may not be a big deal (or even an issue at all).
Doesn't a user need special permissions to edit templates? If that's the case, I would say it's safe to leave things as-is for now. If people abuse alert(), we could look at a blacklist or something similar.
But the thing is... I don't think there's a way to call alert from a kumascript template - you can't insert <script> into a page, anyway.
(Reporter)

Comment 5

6 years ago
Yep, you're right.
Status: NEW → RESOLVED
Last Resolved: 6 years ago
Resolution: --- → INVALID
(Assignee)

Updated

6 years ago
Version: Kuma → unspecified
(Assignee)

Updated

6 years ago
Component: Website → Landing pages
Product: Mozilla Developer Network → Mozilla Developer Network
You need to log in before you can comment on or make changes to this bug.