1. #1
    Ext User
    Join Date
    Mar 2008
    Posts
    8
    Vote Rating
    0
    skandragon is on a distinguished road

      0  

    Default http://extjs.com/s.gif

    http://extjs.com/s.gif


    I found this in the source code:

    BLANK_IMAGE_URL:"http:/"+"/extjs.com/s.gif"

    Can someone explain what the BLANK_IMAGE_URL is used for, and why the developers felt it necessary to make it harder to find by splitting the string?

    I don't mind "call home" code if it can be disabled, but I think it's outright rude to put this in without making it optional, and without it being documented.
    -->

  2. #2
    Sencha - Ext JS Dev Team evant's Avatar
    Join Date
    Apr 2007
    Location
    Sydney, Australia
    Posts
    17,000
    Vote Rating
    650
    evant has a reputation beyond repute evant has a reputation beyond repute evant has a reputation beyond repute evant has a reputation beyond repute evant has a reputation beyond repute evant has a reputation beyond repute evant has a reputation beyond repute evant has a reputation beyond repute evant has a reputation beyond repute evant has a reputation beyond repute evant has a reputation beyond repute

      0  
    -->

  3. #3
    Sencha User jack.slocum's Avatar
    Join Date
    Mar 2007
    Location
    Tampa, FL
    Posts
    6,955
    Vote Rating
    17
    jack.slocum will become famous soon enough jack.slocum will become famous soon enough

      0  

    Default


    Please give the forums a search before posting. You may also wish to check out the FAQ.

    The string is split to avoid a bug in the comment stripper we use which thinks http:// is a comment.
    Jack Slocum
    Ext JS Founder
    Original author of Ext JS 1, 2 & 3.
    Twitter: @jackslocum
    jack@extjs.com
    -->

  4. #4
    Ext User
    Join Date
    Mar 2008
    Posts
    8
    Vote Rating
    0
    skandragon is on a distinguished road

      0  

    Default


    Actually, I did, but s.gif gets a LOT of hits.
    -->

  5. #5
    Ext User
    Join Date
    Mar 2008
    Posts
    8
    Vote Rating
    0
    skandragon is on a distinguished road

      0  

    Default


    BTW, it seems it might be better to assume ../images works, as the css files do. After all, they are all hard-coded as ../images/... paths.

    OR fail to run unless the path is set properly.
    -->

  6. #6
    Sencha - Ext JS Dev Team evant's Avatar
    Join Date
    Apr 2007
    Location
    Sydney, Australia
    Posts
    17,000
    Vote Rating
    650
    evant has a reputation beyond repute evant has a reputation beyond repute evant has a reputation beyond repute evant has a reputation beyond repute evant has a reputation beyond repute evant has a reputation beyond repute evant has a reputation beyond repute evant has a reputation beyond repute evant has a reputation beyond repute evant has a reputation beyond repute evant has a reputation beyond repute

      0  

    Default


    That's different. You can't assume people are putting it in ../ or /, as it says in the FAQ. You'd end up getting the opposite problem with people posting saying how "everything looks weird" and we'd be pointing them to the same FAQ item.

    Similarly, failure to run isn't really a good idea. A lot of people would say "why is this happening" and just stop using it.

    The best out of the box solution is to have it "just work." Those that are concerned will fix it as they need to.
    -->

  7. #7
    Ext User
    Join Date
    Mar 2008
    Posts
    8
    Vote Rating
    0
    skandragon is on a distinguished road

      0  

    Default


    It's hard to fix something that isn't known to be broken. I found it by watching my outgoing traffic in firefox. There's got to be a better way.

    The css files DO use ../image as a prefix, so some hard-coding is apparently ok.

    Lastly, if every example set this, and tutorials all mentioned it, perhaps this would not have been a shock.

    I'm not tossing blame here, and I'm sorry I jumped on the issue as evil-call-home stuff. That said, as a developer and privacy fanatic I would rather not have my development URLs spread across the world in the form of referring URLs to http://extjs.com/. I would rather have the application get nothing and look bad -- or have a message that says "You forgot to set Ext.BLANK_IMAGE_URL, you dolt!" appear in my web page than have it fetch an external file.
    -->

  8. #8
    Sencha - Ext JS Dev Team evant's Avatar
    Join Date
    Apr 2007
    Location
    Sydney, Australia
    Posts
    17,000
    Vote Rating
    650
    evant has a reputation beyond repute evant has a reputation beyond repute evant has a reputation beyond repute evant has a reputation beyond repute evant has a reputation beyond repute evant has a reputation beyond repute evant has a reputation beyond repute evant has a reputation beyond repute evant has a reputation beyond repute evant has a reputation beyond repute evant has a reputation beyond repute

      0  

    Default


    It's slightly different for CSS. The by using ../, it assumes that the /css and /images folders will be side by side. It makes no assumption about where the folders will sit on the server.

    The issue has been discussed a fair amount of times (maybe 50 or so posts?), however the majority of people don't really care and it doesn't impact them. For those that do, it's pretty easy to fix. The possibility of a warning message might be ok, but it could still put some users off.
    -->

  9. #9
    Sencha User Phunky's Avatar
    Join Date
    Jun 2007
    Location
    West Yorkshire
    Posts
    341
    Vote Rating
    0
    Phunky is on a distinguished road

      0  

    Default


    I dont get what the big deal is

    My code links to extjs.com/s.gif

    Somewhere at the top of your code you should place a line like the following one, that tells Ext where to find the empty image it needs for some widgets (preferably from your own server/domain). Modify the URL as needed:
    So change the URL to you're site domain and where you are hosting the s.gif you seem to think its been placed there for tracking of ExtJS use, which is totally wrong...
    -->

  10. #10
    Ext User
    Join Date
    Mar 2008
    Posts
    8
    Vote Rating
    0
    skandragon is on a distinguished road

      0  

    Default


    Quote Originally Posted by evant View Post
    The issue has been discussed a fair amount of times (maybe 50 or so posts?), however the majority of people don't really care and it doesn't impact them. For those that do, it's pretty easy to fix. The possibility of a warning message might be ok, but it could still put some users off.
    Compared to the security hole I consider it... At least a privacy issue it is, I'd choose the warning message.

    Please don't make me have to send in a CERT on this. There have been other information leaks like this in other frameworks that seem harmless on the surface but leak EVERY url in a web server unless someone notices the issue. This is no different than those.
    -->