Adding Fade I/O Text Loop (jQuery) to Main Forum Page

peregrine

users could add messages via the dashboard option messages and your plugin could fade based on the infomessage class.

r0obert

@peregrine interesting idea... so basically I can use the addon (newsfader) with Messages, creating the fade effect, right?

I added var quotes = $(".InfoMessage"); in the js file and it works (also removed the h2 elements from master template).

Only problems is I (admin) cannot see the message, I remember I stopped seeing any messages a long time ago, and I think it might have something to do with the fact that I dismissed one message - since then - I couldn't see any messages at all. Other (regular) users can see them. I'm not sure how to fix this, but I really like the idea, thanks!

peregrine

to undismiss message.

you can do two things - delete the old one and recreate it.

or

go into the user table and look at the row pertaining to your user and look at the preferences field

you will see something like this.

"DismissedMessages";a:1:{i:0;s:1:"1";}

you can delete it from preferences , leave the other parts of the preferences alone.

as long as you start from "D in DismissedMessages and go to the first closing bracket } for what you will be deleting.

r0obert

@peregrine that did the trick, thanks again!

Is this js code a potential security risk for my community? I'm just wondering, just in case I'm going to use it on a regular basis from now on.

peregrine

Is this js code a potential security risk for my community? I'm just wondering, just in case I'm going to use it on a regular basis from now on.

all you did was add the fade in and out. that shouldn't be any more of a problem than any other jquery security problems (of which they regularly fix).

the one thing you need to be aware of is what users can input in the text fields (if you allow it). These must be validated and sanitized and would be the only issue.

r0obert

@peregrine you're referring to Garden > Manage > Settings right? I think that's the permission for managing messages, am I right?

hgtonight

@peregrine said:
users could add messages via the dashboard option messages and your plugin could fade based on the infomessage class.

That is a great idea! You could use it to cycle through a few messages which would, at least initially, bring some emphasis to the messages.

Pair it with dismissable messages and you have a win-win for people that don't like animated stuff on their screen.

peregrine

I wouldn't give regular users the ability to add messages.

but a security risk would be any user input field that if you entered

jQuery(document).ready(function($) {
alert("hello")
});

or

<SCRIPT> alert(“XSS”); </SCRIPT>

and when the field displayed an alert box popped up. you would be adding a potential cross-site scripting vulnerability.

https://www.acunetix.com/websitesecurity/cross-site-scripting/

also see an older discussion:

http://vanillaforums.org/discussion/20608/xss-security-vulnerabilities-

r0obert

@hgtonight said:
Pair it with dismissable messages and you have a win-win for people that don't like animated stuff on their screen.

Regarding 'dismiss message' option - I'm not 100% sure that by checking that option users will be able to see the other messages that are currently in 'rotation' - will have to test that.

r0obert

@peregrine said:
I wouldn't give regular users the ability to add messages.

How can I check to see which roles have permissions to add messages and which don't ?

peregrine

manage messages in top grid. if it is checked they can add messages.

How can I check to see which roles have permissions to add messages and which don't ?

as a rule of thumb. whenever adding or writing plugins.

• always log in under each role (create several accounts for yourself - one in each role).
• and check all roles if what you think you have is really what you have (and what you want) and also verify guests and all custom permission categories as well.
• in that way you always know what other people see or have permission to do in their respective roles.

r0obert

The option is checked for LvL 1 Mods, but I logged in with a Moderator account and I cannot add messages.

peregrine

they would also need settings permission as well to get to dashboard.

unless you provide them a link

http://example.com/dashboard/message

peregrine

@r0obert

The option is checked for LvL 1 Mods, but I logged in with a Moderator account and I cannot add messages.

add the code from this tutorial to your plugin if you like

http://vanillaforums.org/discussion/27099/tutorial-how-to-add-an-option-to-the-flyout-menu-in-2-1-and-add-link-in-dashboard-as-well