Skip to Content.
Sympa Menu

cat-users - Re: [[cat-users]] CAT website design

cat-users AT lists.geant.org

Subject: The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

List archive

Re: [[cat-users]] CAT website design


Chronological Thread 
  • From: Stefan Winter <stefan.winter AT restena.lu>
  • Cc: eduroam CAT Feedback <cat-users AT lists.geant.org>
  • Subject: Re: [[cat-users]] CAT website design
  • Date: Fri, 18 Dec 2015 13:45:59 +0100
  • Openpgp: id=AD3091F3AB24E05F4F722C03C0DE6A358A39DC66; url=http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66

Hello,

> "Skinning the CAT" would be a good thing. I totally agree that UI and
> backend are two different things and there are very good reasons to stick
> to one backend.
>
> Probably you should, exept for federation logo's, allow (a certain amount
> of) CSS. CSS would allow administrators to control almost every visible
> detail on the site, and minimalize the risk of breaking functionality.

just to let you know that we've started coding towards different skins now.

trunk code allows to specify some federation properties like logo and
name of the NRO, and even a "preferred skin" (even though there is still
only one to work with at this point). On one hand, we'll use this data
to spice up the default end user download page with NRO specific
information, on the other hand it can also be pulled via the API at some
point so a third-party UI can be tuned for multiple NROs using it.

I'm in the middle of adding custom CSS support as well, but could use
some community input around that.

It is technically simple to allow uploading an arbitrary CSS file,
syntax checking it (reject if it is broken of course), and then
embedding it in the end user area.

What I am less sure about is the security aspect. CSS can change many
aspects of a website. I wonder if it is safe to allow "everything" in
the uploaded CSS or not. XSS attacks come to mind at the very least...

Your parentheses "a certain amount of" seems to point in that same
direction.

Any and all inputs regarding "how much CSS is good for your health" :-)
in that respect are appreciated. It's not really a cat-users topic any
more though; please reply-to only to cat-devel.

Greetings,

Stefan Winter

--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
2, avenue de l'Université
L-4365 Esch-sur-Alzette

Tel: +352 424409 1
Fax: +352 422473

PGP key updated to 4096 Bit RSA - I will encrypt all mails if the
recipient's key is known to me

http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66

Attachment: 0x8A39DC66.asc
Description: application/pgp-keys

Attachment: 0x8A39DC66.asc
Description: application/pgp-keys

Attachment: signature.asc
Description: OpenPGP digital signature



  • Re: [[cat-users]] CAT website design, Stefan Winter, 12/18/2015

Archive powered by MHonArc 2.6.19.

Top of Page