I am not so sure about the security running javascript in iframes. Everywhere we are told, that we should sandbox the iframe for that reason. I am not the one to know anything about it - I am just worried.
It is all about knowing what we are doing - and I am not in the know. Birthe On Monday, August 16, 2021 at 3:21:31 PM UTC+2 cj.v...@gmail.com wrote: > Yeah, for sure a backdoor way to get javascript into TW, I'm assuming safe > (i.e. TiddlyWiki knows nothing about the javascript in the iFrame, and the > javascript in the iFrame knows nothing about the javascript. > > So should be a nice little sandbox. > > On Monday, August 16, 2021 at 6:54:15 AM UTC-3 Mohammad wrote: > >> Charlie >> >> I assume this is a very clever solution! >> Can we say this is a backdoor to inject JS into TW. >> Of course I am not familiar with iframe features in TW! >> >> >> Best wishes >> Mohammad >> >> >> On Mon, Aug 16, 2021 at 6:57 AM Charlie Veniot <cj.v...@gmail.com> wrote: >> >>> I don't know what made me think of this. >>> >>> In case this has not been brought up in a while (I doubt this is new to >>> seasoned folk) ... >>> >>> I was thinking: could I use an iFrame to include simple javascript in a >>> tiddler without getting into macros or plugins that enable javascript. >>> >>> And, if I could, then could I set things up so that the iFrame is >>> showing javascript dynamically created by the tiddler ? >>> >>> So here is a way to show a digital clock in TiddlyWiki, for >>> non-programmers who just want to copy and paste javascript code from the >>> web without figuring out how the javascript code works : >>> >>> Put this in a brand new tiddler: >>> >>> *<$vars* *vSrcDoc*={{{ [[<body> <div id="clockDiv"></div> <script> >>> let clockEl = document.getElementById("clockDiv"); function >>> getClockTime() { let date = new Date(); let hr = >>> date.getHours(); let min = date.getMinutes(); let sec = >>> date.getSeconds(); hr = ("0" + hr).slice(-2); min = ("0" + >>> min).slice(-2); sec = ("0" + sec).slice(-2); clockEl.innerHTML = >>> `${hr}:${min}:${sec}`; } setInterval(getClockTime, 1000); >>> </script></body>]] }}}*>* >>> *<iframe* srcdoc=*<<vSrcDoc>>* style="border:none;width:100%;" >>> *></iframe>* >>> *</$vars>* >>> >>> Sneaky sneaky, has me wondering what kind of other fun things could be >>> done... >>> >>> -- >>> You received this message because you are subscribed to the Google >>> Groups "TiddlyWiki" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to tiddlywiki+...@googlegroups.com. >>> To view this discussion on the web visit >>> https://groups.google.com/d/msgid/tiddlywiki/cb08b664-8cc9-4531-bd25-783463ebbef4n%40googlegroups.com >>> >>> <https://groups.google.com/d/msgid/tiddlywiki/cb08b664-8cc9-4531-bd25-783463ebbef4n%40googlegroups.com?utm_medium=email&utm_source=footer> >>> . >>> >> -- You received this message because you are subscribed to the Google Groups "TiddlyWiki" group. To unsubscribe from this group and stop receiving emails from it, send an email to tiddlywiki+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/tiddlywiki/d3de9dc4-724b-4bbd-9996-def1466ef046n%40googlegroups.com.