[BlueOnyx:26664] Re: jquery warning

Tobias Gablunsky t.gablunsky at cbxnet.de
Wed Dec 13 04:25:05 -05 2023 

Well, I have been quite sure that my "short question" wasn't to be answered as short..



So thank you Michael for the detailed analysis.



Reaction-wise I don't like obfuscation as a reaction. But I see your point in not replacing the used jQuery version with reasonable effort. So I think, working on the new UI version is the right way to go!



Thanks again,

































Tobias Gablunsky
 IT-Infrastruktur & Lösungen
 ____________________________________________
 CBXNET combox internet GmbH
 Landhausstr. 22 | 10717 Berlin
 Tel: +49 (30) 5900 69-00
 Fax: +49 (30) 5900 69-99
 www.cbxnet.de

Rechenzentren für sichere Geschäftsanwendungen
 Tel: +49 (30) 5900 69-80
 https://combox.bln.de

Amtsgericht Berlin-Charlottenburg HRB 71171
 Geschäftsführer: Stephan Höhn





-----Ursprüngliche Nachricht-----
Von: Michael Stauber via Blueonyx <blueonyx at mail.blueonyx.it>
Gesendet: Dienstag 12. Dezember 2023 23:25
An: blueonyx at mail.blueonyx.it
Betreff: [BlueOnyx:26663] Re: jquery warning


Hi all,

> I'll take a look at this today. If I can't upgrade jQuery and retain
> compatibility with the offered migration plugins I'll at least replace

> jQuery with a patched version that's floating around and being
> maintained for those who can't do a straight up move to the latest version.

Yeah, ok. Bad idea. This is like a heart transplantation.

I just played around with it and here is what I did for testing:

I upgraded jQuery from v1.7.2 to the latest stable v1.12.4 (last of the
v1 tree). Added the jQuery migrate script for jQuery 1.x that supposedly

fixes compat issues from v1.7.2 -> 1.9 (and newer) and updated jQuery-UI

to a more recent version. I also tried it with an updated jQuery UI
v1.13 (and without).

And that's where the train jumped right off the tracks:

Tooltips were no longer working, because the tooltip plugin Adminica
uses has been deprecated an no newer version is available. It can't be
fixed either, as it's an unmaintainable mess that relies on deprecated
means and methods.

So I had ChatGPT hammer out a replacement jQuery script that dynamically

creates tooltips with the given HTML. That restored tooltip
functionality in a fashion not unlike the one we use in the new Elmer
GUI that is in development.

But there are additional glitches such as all pop-up modals ("Do you
really want to log out ..." or "Do you really want to delete ..."),
which now show up in places other than the intended ones.

Which is fixable, too. But this needs time and I'm certain there might
be other glitches as well, which I haven't yet run into.

So yeah: This can be done, but right now? I have five days left before a
holiday travel and am still up to my ears embedded in hammering out the
new and more modern GUI for BlueOnyx. Which is another heart
transplantation (where other assorted bits and pieces are also getting
replaced) and that's incredibly time consuming. I also don't want to
deeply modify the 5211R (production) code base, because upon release of
the new GUI I have to merge four weeks of multiple daily code changes
back into the existing 5211R code tree from this devel repo:

https://devel.blueonyx.it/trac/log/BlueOnyx/5311R

All things considered: Going on a full rampage to deal with this minor
issue is not worth it at this time.

So here is my road-map for the jQuery v1.7.2 issues on 5209R/5210R/5211R

in the Adminica part of the GUI:

5211R/5210R/5209R Immediate action: Those will (today) receive a YUM
update that obfuscates the version number of the used jQuery. That at
least prevents the run of the mill "security scanners" (aka: "Snake
Oil") from tripping over it.

5211R/5210R Short term action: In January I will release the updated GUI

for 5211R and will then also begin to back-port it to 5210R. This new
GUI will be the default GUI and if Adminica is still present and usable
(as currently planned) I will modify the Adminica jQuery in so far that
modals and tooltips will work with a slightly more modern jQuery.

5209R long term: Won't fix beyond the basic obfuscation of the version
number. Six months before the EOL? Not worth it, given that the issue is
non-exploitable in real world scenarios due to other preventive measures

already present.

--
With best regards

Michael Stauber
_______________________________________________
Blueonyx mailing list
Blueonyx at mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.blueonyx.it/pipermail/blueonyx/attachments/20231213/6cea3dfe/attachment.html>

More information about the Blueonyx mailing list