More in this section

Forums / Bugs & Issues / Javascript embedd widget

Javascript embedd widget

6 posts, 0 answered
  1. Steve
    Steve avatar
    3037 posts
    Registered:
    03 Dec 2008
    20 Mar 2012
    Link to this post
    If you use the "Browse" function of the JS widget to pick a file in your theme folder (under app_data), it's not smart enough to rewrite out the "App_Data"...at least on the server end serve it up right perhaps (knowing it'll fail)?

    Steve
  2. Boyan Barnev
    Boyan Barnev avatar
    1429 posts
    Registered:
    30 Oct 2017
    22 Mar 2012
    Link to this post
    Hello Steve,

    Can you please clarify in some more details what's the actual problem so I can be sure we're on the same track here? Generally App_Data is not a public folder, meaning it's not meant to be accessible, one has to write a handler to "map" a URl to the certain route and then create whatever you need there. But by default IIS should not give access to App_Data for security reasons, otherwise people could easily obtain sensitive information.

    Kind regards,
    Boyan Barnev
    the Telerik team
    Do you want to have your say in the Sitefinity development roadmap? Do you want to know when a feature you requested is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
  3. Steve
    Steve avatar
    3037 posts
    Registered:
    03 Dec 2008
    22 Mar 2012
    Link to this post
    Right, exactly the point :)

    It's not a public folder, so when I pick a file in my theme via the "browse" button on the JS widget it puts App_Data in as the string which would be saved back to the DB when the user hits save.

    Now I know that the proper path has App_Data written out of the URL, so I can remove it, but a generic user would have no idea if they had to link in a script that came with a theme (and thus living in the app_data themes root)
  4. Jochem Bökkers
    Jochem Bökkers avatar
    787 posts
    Registered:
    13 Aug 2007
    22 Mar 2012
    Link to this post
    @Boyan & Steve,

    While we're on the subject of the JS widget and the URL, can you put a huge disclaimer there or add a <blink>This is a fully hardcoded link - when you deploy please remember to edit this (and all the other) js widgets again</blink> message somewhere?

    Thanks!
    Jochem
  5. Steve
    Steve avatar
    3037 posts
    Registered:
    03 Dec 2008
    22 Mar 2012
    Link to this post
    ...or the more futureproof system of when you "browse" to a file on your webroot make it relative, or filter it out in the backend to be relative?
  6. Jochem Bökkers
    Jochem Bökkers avatar
    787 posts
    Registered:
    13 Aug 2007
    22 Mar 2012
    Link to this post
    @Steve

    True, but if I'm not mistaking you reported that a while ago no? I seem to remember a bug post about static js or css being served but couldn't find it on the forum no more.

    And a disclaimer is only like 10mins work, to add another literal to the window and open firebug, find the class and add 20px length to it.
6 posts, 0 answered