Hi Finn
> On 16 Aug 2021, at 17:22, Finn Lancaster wrote:
>
> I don't have much experience with JS macros in TW, but I can imagine it would
> be the same, especially if there is no sanitisation whatsoever. As to
> eliminating iframes, normally there is no way to break-out of it. However, in
I am not so sure about the security running javascript in iframes.
Everywhere we are told, that we should sandbox the iframe for that reason.
I am not the one to know anything about it - I am just worried.
It is all about knowing what we are doing - and I am not in the know.
Birthe
On Monday,
Yeah, for sure a backdoor way to get javascript into TW, I'm assuming safe
(i.e. TiddlyWiki knows nothing about the javascript in the iFrame, and the
javascript in the iFrame knows nothing about the javascript.
So should be a nice little sandbox.
On Monday, August 16, 2021 at 6:54:15 AM UTC-3
Charlie
I assume this is a very clever solution!
Can we say this is a backdoor to inject JS into TW.
Of course I am not familiar with iframe features in TW!
Best wishes
Mohammad
On Mon, Aug 16, 2021 at 6:57 AM Charlie Veniot wrote:
> I don't know what made me think of this.
>
> In case
I don't know what made me think of this.
In case this has not been brought up in a while (I doubt this is new to
seasoned folk) ...
I was thinking: could I use an iFrame to include simple javascript in a
tiddler without getting into macros or plugins that enable javascript.
And, if I could,
5 matches
Mail list logo