[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[EP-tech] {Suspected SPAM} Re: {Suspected SPAM} Strange behaviour of tabbed view

Subject: [EP-tech] {Suspected SPAM} Re: {Suspected SPAM} Strange behaviour of tabbed view
From: drn at ecs.soton.ac.uk (David R Newman)
Date: Fri, 16 Jun 2023 11:01:51 +0100
In-reply-to: <36384bdc-35d0-4dd2-20dd-f12b88981e09@alfa.it>
References: <1f1b16d7-cda5-2b42-0ce4-e642b7aa5042@alfa.it> <1f1b16d7-cda5-2b42-0ce4-e642b7aa5042@alfa.it> <36384bdc-35d0-4dd2-20dd-f12b88981e09@alfa.it> <36384bdc-35d0-4dd2-20dd-f12b88981e09@alfa.it> <36008f22-c995-d09c-ee54-e6ad0897cb14@ecs.soton.ac.uk>

Hi Yuri,

I am not aware of any standard JavaScript in EPrints that could do 
this.? Based on the page that you are on I don't think this could be 
cross site scripting related.? One way to definitively protect against 
XSS would be to make sure your webserver (Apache) sets a content 
security policy that block external JavaScript except maybe Google, if 
you have IRStats2 installed and maybe a few other things depending on 
which plugins you use or any bespoke functionality you have.

I have checked over the recollect plugin and cannot find any obvious 
JavaScript across the whole plugin.? It does have a "NewDeposit" screen 
plugin but that is loaded into key_tools rather than eprint_actions.? 
Also, even if they was in eprint_actions, there would be no reason it 
would change what an existing button in the Actions tab does.

I have not used the ReCollect plugin much and certainly not recently, so 
there may be something I have missed in the files I have inspected 
(taken from the Bazaar).? If any one else had had recent experience with 
the ReCollect plugin, they may be better placed to advise.

Based on this being the first button in the actions tab, it feels like 
you or a colleague may have written some JavaScript to fix another issue 
on a different page where the wrong button (for your requirements) is 
being displayed and you want the EPrint::View button rather than this 
other button to be displayed.? I would look through you javascript/auto/ 
directory to see if you can find anything that refers to "EPrint::View";

Regards

David Newman

On 16/06/2023 10:36, Yuri via Eprints-tech wrote:
> *CAUTION:* This e-mail originated outside the University of Southampton.
>
> Hi!
>
> ?any idea on this topic? I forgot to add that it is 3.3.15 with 
> ReCollect plugin.
>
> Il 14/06/23 17:20, Yuri via Eprints-tech ha scritto:
>> *CAUTION:* This e-mail originated outside the University of Southampton.
>>
>> Hi!
>>
>> ?when, as logged user, I go to the eprint tabbed view (details, 
>> actions, etc), the "New Version" button action change the action from 
>> Eprints::NewVersion to Eprints::View. You can see it in the gif 
>> (sorry for the low quality):
>>
>>
>> This happens on the page load. The html source is correct, as you can 
>> see some javascript is changing the action when the page load. Where 
>> should I start to look at? Thanks for any info!
>>
>>
>>
>>
>> *** Options:http://mailman.ecs.soton.ac.uk/mailman/listinfo/eprints-tech
>> *** Archive:https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.eprints.org%2Ftech.php%2F&data=05%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7Cc71a972184c74e71e4c508db6e50b564%7C4a5378f929f44d3ebe89669d03ada9d8%7C0%7C0%7C638225065140397567%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=%2FNz8oKmcKwbEysxaZ%2BrDwnFsEpDCrq8%2F%2FXlGsJjPQs8%3D&reserved=0
>> *** EPrints community wiki:https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwiki.eprints.org%2F&data=05%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7Cc71a972184c74e71e4c508db6e50b564%7C4a5378f929f44d3ebe89669d03ada9d8%7C0%7C0%7C638225065140397567%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=n%2Bul4GKPWQdLDSPW796mbOs0BjHK2oYTP7j0rf%2BR3uk%3D&reserved=0
>
> *** Options:http://mailman.ecs.soton.ac.uk/mailman/listinfo/eprints-tech
> *** Archive:https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.eprints.org%2Ftech.php%2F&data=05%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7Cc71a972184c74e71e4c508db6e50b564%7C4a5378f929f44d3ebe89669d03ada9d8%7C0%7C0%7C638225065140397567%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=%2FNz8oKmcKwbEysxaZ%2BrDwnFsEpDCrq8%2F%2FXlGsJjPQs8%3D&reserved=0
> *** EPrints community wiki:https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwiki.eprints.org%2F&data=05%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7Cc71a972184c74e71e4c508db6e50b564%7C4a5378f929f44d3ebe89669d03ada9d8%7C0%7C0%7C638225065140397567%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=n%2Bul4GKPWQdLDSPW796mbOs0BjHK2oYTP7j0rf%2BR3uk%3D&reserved=0
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ecs.soton.ac.uk/pipermail/eprints-tech/attachments/20230616/50dcb634/attachment-0001.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: newversion-view.gif
Type: image/gif
Size: 171699 bytes
Desc: not available
Url : http://mailman.ecs.soton.ac.uk/pipermail/eprints-tech/attachments/20230616/50dcb634/attachment-0001.gif

References:
- [EP-tech] {Suspected SPAM} Strange behaviour of tabbed view
  - From: yurj at alfa.it (Yuri)
- [EP-tech] {Suspected SPAM} Re: {Suspected SPAM} Strange behaviour of tabbed view
  - From: yurj at alfa.it (Yuri)

Prev by Date: [EP-tech] {Suspected SPAM} Re: {Suspected SPAM} Strange behaviour of tabbed view
Next by Date: [EP-tech] {Suspected SPAM} Re: {Suspected SPAM} Re: {Suspected SPAM} Strange behaviour of tabbed view
Next by thread: [EP-tech] Re: Eprints divisions problem
Index(es):
- Date
- Thread