Opened 3 years ago

Closed 3 years ago

Last modified 3 years ago

#5436 closed defect (wontfix)

without javascript the message preview button sends the message

Reported by: aseerel4c26 Owned by: rails-dev@…
Priority: minor Milestone:
Component: website Version:
Keywords: UI messaging privacy Cc:

Description

  1. Use Firefox with Javascript disabled
  2. On https://www.openstreetmap.org/message/new/$whateverusernamehere
  3. type in a subject and message.
  4. Click "preview"

Actual: sends the message. Expected: preview is shown or nothing happens

This could lead to unintended disclosure of private details or at least half-finished messages being sent.

Thank you!

Change History (2)

comment:1 Changed 3 years ago by Tom Hughes

Resolution: wontfix
Status: newclosed

Well the whole website basically doesn't work without javascript - I mean the front page just become a big "javascript disabled" banner. So it seems highly unlikely that anybody will be visiting a page like that without javascript enabled.

Basically we assume javascript is enabled as a matter of policy and make only minimal efforts (like the aforementioned banner) to fallback.

comment:2 Changed 3 years ago by aseerel4c26

Okay, thanks for your comment, Tom.

Well, the described scenario was not imagined. Due to a recent browser security hole I was surfing the webpage without JavaScript? - and writing messages and editing via JOSM works fine that way. :-)

Okay, if you see no easy way to just disable the preview button when JS is not active, yes, then - scrap this bug report.

Note: See TracTickets for help on using tickets.