Hi David!

 I've found the problem in a custom _javascript_, as you pointed out. Thanks for the support!

 Details:

 I had a custom _javascript_ containing this code:

        new URL(window.location.href).searchParams.forEach(function (x, y) {
          return document.getElementById(y).value = x;
        });

 Don't ask me what this was supposed to do :-/

Hi Yuri,

I am not aware of any standard _javascript_ in EPrints that could do this.  Based on the page that you are on I don't think this could be cross site scripting related.  One way to definitively protect against XSS would be to make sure your webserver (Apache) sets a content security policy that block external _javascript_ except maybe Google, if you have IRStats2 installed and maybe a few other things depending on which plugins you use or any bespoke functionality you have.

I have checked over the recollect plugin and cannot find any obvious _javascript_ across the whole plugin.  It does have a "NewDeposit" screen plugin but that is loaded into key_tools rather than eprint_actions.  Also, even if they was in eprint_actions, there would be no reason it would change what an existing button in the Actions tab does. 

I have not used the ReCollect plugin much and certainly not recently, so there may be something I have missed in the files I have inspected (taken from the Bazaar).  If any one else had had recent experience with the ReCollect plugin, they may be better placed to advise.

Based on this being the first button in the actions tab, it feels like you or a colleague may have written some _javascript_ to fix another issue on a different page where the wrong button (for your requirements) is being displayed and you want the EPrint::View button rather than this other button to be displayed.  I would look through you _javascript_/auto/ directory to see if you can find anything that refers to "EPrint::View";

Regards

David Newman

On 16/06/2023 10:36, Yuri via Eprints-tech wrote:

CAUTION: This e-mail originated outside the University of Southampton.

Hi!

 any idea on this topic? I forgot to add that it is 3.3.15 with ReCollect plugin.

Il 14/06/23 17:20, Yuri via Eprints-tech ha scritto:

CAUTION: This e-mail originated outside the University of Southampton.

Hi!

 when, as logged user, I go to the eprint tabbed view (details, actions, etc), the "New Version" button action change the action from Eprints::NewVersion to Eprints::View. You can see it in the gif (sorry for the low quality):

This happens on the page load. The html source is correct, as you can see some _javascript_ is changing the action when the page load. Where should I start to look at? Thanks for any info!

*** Options: http://mailman.ecs.soton.ac.uk/mailman/listinfo/eprints-tech
*** Archive: http://www.eprints.org/tech.php/
*** EPrints community wiki: http://wiki.eprints.org/

*** Options: http://mailman.ecs.soton.ac.uk/mailman/listinfo/eprints-tech
*** Archive: http://www.eprints.org/tech.php/
*** EPrints community wiki: http://wiki.eprints.org/