Nick, good work!
Let's talk about Wiki security.
Can you explain what you expect for that Wiki?
-- Is it important to disable all Jmol JavaScript calling?
-- Do you want to allow standard callbacks but not generic JavaScript
calling?
-- Are there security issues in relation to file reading and writing?
If you need to disable JavaScript entirely, be sure to use
setJmolCallback("mayscript", false)
just prior to the jmolApplet command.
If you want to enable standard callbacks but disable more general
user-generated callbacks, then use instead:
_jmol.noEval = true;
just prior to the jmolApplet command. This options was designed
specifically with wikis in mind.
Also...
Nick Greeves wrote:
>
> The next issue was the path to the file to be loaded - this works.
>
> rect 3 14 103 96 [jmol: load
> /~ng/external/model/pericyclic/claisen58.xyz;wireframe 0.1;spacefill 20%;]
>
It seems odd to me to hardcode the entire path into every load command.
My question here is whether you want to be putting full filepaths in
there like that. I would think all your files would be in one directory,
and if that is true, then it would be better to use
set defaultDirectory "/~ng/external/model"
and then:
rect 3 14 103 96 [jmol: load pericyclic/claisen58.xyz;wireframe
0.1;spacefill 20%;]
How would an editor get the file into that directory in the first place,
by the way?
Bob
> If anyone would like the full version of my patched ImageMap-body.php
> file, just let me know.
>
>> Message: 4
>> Date: Tue, 13 May 2008 11:31:27 +0200
>> From: Paul Pillot <[EMAIL PROTECTED]
>> <mailto:[EMAIL PROTECTED]>>
>> Subject: Re: [Jmol-users] Image Maps in Jmol wiki
>> To: [email protected]
>> <mailto:[email protected]>
>> Message-ID: <[EMAIL PROTECTED]
>> <mailto:[EMAIL PROTECTED]>>
>> Content-Type: text/plain; charset="iso-8859-1"
>>
>> Hi Nick,
>> in PHP the error log can be confusing... T_VARIABLE just states that
>> there is a missing parentheses or semi colon nearby line 137.
>> I believe that the first 2 lines are now correct after what you added.
>> There might be something wrong with the $title part : there is no
>> closing parenthesis to the strtr function. I don't know what the
>> ';snip;' is for ?
>> IMHO you should give a try to :
>>
>>>> $title = 'javascript:jmolScript(' .
>>>
>>>> Xml::encodeJsVar(
>>>
>>>> 'load ' . strtr(
>>>
>>>> $path,
>>>
>>>> array( ';' => '', ' ' => '' )) .
>>>
>>>> '; snip;'
>>>
>>>> ) . ');';
>>>
>> Paul
>
> All the best
>
> Nick
>
> --
>
> 3D Organic Animations http://www.chemtube3d.com
>
> Tel: +44 (0)151-794-3506 (3500 secretary)
>
>
>
>
>------------------------------------------------------------------------
>
>-------------------------------------------------------------------------
>This SF.net email is sponsored by: Microsoft
>Defy all challenges. Microsoft(R) Visual Studio 2008.
>http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
>
>------------------------------------------------------------------------
>
>_______________________________________________
>Jmol-users mailing list
>[email protected]
>https://lists.sourceforge.net/lists/listinfo/jmol-users
>
>
--
Robert M. Hanson
Professor of Chemistry
St. Olaf College
Northfield, MN
http://www.stolaf.edu/people/hansonr
If nature does not answer first what we want,
it is better to take what answer we get.
-- Josiah Willard Gibbs, Lecture XXX, Monday, February 5, 1900
-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
Jmol-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/jmol-users
