I am not so sure about the security running javascript in iframes.
Everywhere we are told, that we should sandbox the iframe for that reason.
I am not the one to know anything about it - I am just worried.
It is all about knowing what we are doing - and I am not in the know.
Birthe
On Monday, August 16, 2021 at 3:21:31 PM UTC+2 cj.v...@gmail.com wrote:
> Yeah, for sure a backdoor way to get javascript into TW, I'm assuming safe
> (i.e. TiddlyWiki knows nothing about the javascript in the iFrame, and the
> javascript in the iFrame knows nothing about the javascript.
>
> So should be a nice little sandbox.
>
> On Monday, August 16, 2021 at 6:54:15 AM UTC-3 Mohammad wrote:
>
>> Charlie
>>
>> I assume this is a very clever solution!
>> Can we say this is a backdoor to inject JS into TW.
>> Of course I am not familiar with iframe features in TW!
>>
>>
>> Best wishes
>> Mohammad
>>
>>
>> On Mon, Aug 16, 2021 at 6:57 AM Charlie Veniot <cj.v...@gmail.com> wrote:
>>
>>> I don't know what made me think of this.
>>>
>>> In case this has not been brought up in a while (I doubt this is new to
>>> seasoned folk) ...
>>>
>>> I was thinking: could I use an iFrame to include simple javascript in a
>>> tiddler without getting into macros or plugins that enable javascript.
>>>
>>> And, if I could, then could I set things up so that the iFrame is
>>> showing javascript dynamically created by the tiddler ?
>>>
>>> So here is a way to show a digital clock in TiddlyWiki, for
>>> non-programmers who just want to copy and paste javascript code from the
>>> web without figuring out how the javascript code works :
>>>
>>> Put this in a brand new tiddler:
>>>
>>> *<$vars* *vSrcDoc*={{{ [[<body> <div id="clockDiv"></div> <script>
>>> let clockEl = document.getElementById("clockDiv"); function
>>> getClockTime() { let date = new Date(); let hr =
>>> date.getHours(); let min = date.getMinutes(); let sec =
>>> date.getSeconds(); hr = ("0" + hr).slice(-2); min = ("0" +
>>> min).slice(-2); sec = ("0" + sec).slice(-2); clockEl.innerHTML =
>>> `${hr}:${min}:${sec}`; } setInterval(getClockTime, 1000);
>>> </script></body>]] }}}*>*
>>> *<iframe* srcdoc=*<<vSrcDoc>>* style="border:none;width:100%;"
>>> *></iframe>*
>>> *</$vars>*
>>>
>>> Sneaky sneaky, has me wondering what kind of other fun things could be
>>> done...
>>>
>>> --
>>> You received this message because you are subscribed to the Google
>>> Groups "TiddlyWiki" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to tiddlywiki+...@googlegroups.com.
>>> To view this discussion on the web visit
>>> https://groups.google.com/d/msgid/tiddlywiki/cb08b664-8cc9-4531-bd25-783463ebbef4n%40googlegroups.com
>>>
>>> <https://groups.google.com/d/msgid/tiddlywiki/cb08b664-8cc9-4531-bd25-783463ebbef4n%40googlegroups.com?utm_medium=email&utm_source=footer>
>>> .
>>>
>>
--
You received this message because you are subscribed to the Google Groups
"TiddlyWiki" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to tiddlywiki+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/tiddlywiki/d3de9dc4-724b-4bbd-9996-def1466ef046n%40googlegroups.com.
