[development] jQuery 1.2 is released

Philippe Jadin philippe.jadin at gmail.com
Sun Sep 16 08:05:30 UTC 2007

On 9/16/07, Larry Garfield <larry at garfieldtech.com> wrote:
> If you can get an exploit that allows arbitrary PHP execution, then all you'd need to do is write a new hacked javascript file and then update the database with a new md5sum.  Voila, it won't be detected.
> And having Drupal (or your OS, or browser, or anything else) auto-install files without asking you is a bad idea in general.  The user/admin should always have to be notified of and pre-approve any changes to the installed software.  To do otherwise is just begging for the system to auto-download its own crack.

And from a different perspective, what is this thread about?
Automating jquery plugins install ? I smell the overengineering flux

- jquery UI has not been released yet, so it's hard to evaluate how to
ship it with Drupal
- other jquery plugins have been known to be a decentralized thing,
and moving very fast (with api changes). Even if it's not the case
with UI, it's too new to evaluate
- we don't even know what Drupal will use from this jquery UI
- we don't auto install Drupal modules why would we autoinstall jquery plugins ?

Imho auto install of jquery plugin is not needed. Fine grained control
of what is enabled or not is not very important.
I think that someone thrusted from Drupal UI module could create an
archive containing everything including UI widgets and images. This
archive would be available ideally from the jquery website, as we
can't put this stuff on d.o or eventually on a third party server.
Admin can dowload this archive inside the UI module and be confident
that it will work. Other modules would simply depend on UI module and
add_js() what is required for them.

As long as the js is added to the page only when requested, it doesn't
matter if admin must upload a "big" archive inside Drupal UI module to
make it work.

my 0.02


More information about the development mailing list