Apologies, it was miscommunication within Osmosoft that led to the
change being pushed too quickly.

We'll create a plugin that people can use to re-enable computed macro
parameters within a particular space. This will only be a temporary
workaround, because the plugin will not be included into other spaces
when "safe inclusion" is used to filter out systemConfig plugins.
Thus, any content published from the space that relies on computed
macro parameters will not be processed correctly.

I'll respond shortly to Tobias' message with more background to the change.

Best wishes

Jeremy

On Tuesday, September 21, 2010, PMario <[email protected]> wrote:
> Hi,
> I understand the issue, and totally agree, that it is/will be needed.
> But a little bit more time to fix/adjust existing spaces, would have
> been nice.
> -m
> PS: The following page template definition still seems to work.
>
> <div macro='hideWhen {{
>      var tid=store.getTiddler("CSidebarTools");
>      tid.tags.contains("hide");}}'>
>   <div id='sidebarTools' class='box' refresh='content' force='true'
> tiddler='CSidebarTools'></div>
> </div>
>
>
> On Sep 21, 6:01 pm, Jeremy Ruston <[email protected]> wrote:
>> It's worth drawing attention to a recent change we've made to the
>> TiddlySpace core that will soon filter out to tiddlyspace.com:
>>
>> http://github.com/TiddlySpace/tiddlyspace/commit/90730c3fbc23fc597836...
>>
>> The change disables the use of TiddlyWiki's computed macro parameters
>> within TiddlySpace. This means that macros that use computed
>> JavaScript parameters like this will no longer work:
>>
>> <<tiddler {{tiddler.title + "_notes"}}>>
>>
>> The change is part of a range of measures that we need to take to make
>> TiddlySpace more secure.
>>
>> The fundamental issue is that TiddlySpace is an environment for
>> sharing both code and content. The ability for users to share code is
>> powerful, and one of the things that I think has led to TiddlyWiki's
>> success. But it can also present dangers, particularly in the hands of
>> the malicious or the inexperienced.
>>
>> For example, a malicious user could entice users to include a space
>> that includes code that "steals" the users' private data and sends it
>> back to the attacker.
>>
>> In a system that is designed for sharing code we don't believe that
>> this problem can be solved entirely within the technical domain. The
>> intention instead is to also address it in the social domain, such
>> that users will be able to use the social features of TiddlySpace to
>> discover spaces and plugins that are safe to use.
>>
>> However, there are still technical steps that need to be taken in
>> order for that to work. In particular, the system needs to be able to
>> identify all the vectors through which a malicious attacker could
>> inject malicious code into a space.
>>
>> It's straightforward to detect plugins by looking for the systemConfig
>> tag. Accordingly, future versions of TiddlySpace will enable users to
>> optionally filter out plugins when they include a space. Less obvious
>> vectors include:
>> - Computed macro parameters
>> - <script> tags and event handlers within <HTML> blocks
>>
>> We'll address the latter problem soon, but we felt that it was worth
>> drawing this change to everyone's attention now, and encourage people
>> to prepare for TiddlySpace by exploring alternative approaches.
>>
>> Cheers
>>
>> Jeremy
>>
>> --
>> Jeremy Ruston
>> mailto:[email protected]
>> http://www.tiddlywiki.com
>
> --
> You received this message because you are subscribed to the Google Groups 
> "TiddlyWiki" group.
> To post to this group, send email to [email protected].
> To unsubscribe from this group, send email to 
> [email protected].
> For more options, visit this group at 
> http://groups.google.com/group/tiddlywiki?hl=en.
>
>

-- 
Jeremy Ruston
mailto:[email protected]
http://www.tiddlywiki.com
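
The vectors listed in the quoted announcement (systemConfig plugins, computed macro parameters, and <script> tags or event handlers in HTML blocks) can be checked for when reviewing a space before including it. The following is an added example, not part of the original thread and not TiddlySpace's own code; the names findCodeVectors and auditSpace, the {title, tags, text} tiddler shape and the regex heuristics are assumptions made for illustration.

```javascript
// Added illustration, not TiddlySpace code. Tiddlers are modelled as plain
// {title, tags, text} objects; the regexes are heuristics, not a wikitext parser.
const HTML_BLOCK = /<html>([\s\S]*?)<\/html>/gi;

const CHECKS = [
  // Plugins are identified by their tag.
  ["plugin", (t) => t.tags.includes("systemConfig")],
  // <<macro ... {{ js }}>>: a {{ that appears before the call's closing >>.
  ["computed-param", (t) => /<<(?:(?!>>)[\s\S])*?\{\{/.test(t.text)],
  // Template form: macro='name {{ js }}' inside a quoted attribute.
  ["computed-param",
    (t) => /\bmacro\s*=\s*(['"])(?:(?!\1)[\s\S])*?\{\{/.test(t.text)],
  // <script> tags or on* event handlers inside <html> blocks.
  ["html-script", (t) => [...t.text.matchAll(HTML_BLOCK)].some(
    (m) => /<script\b/i.test(m[1]) || /\son[a-z]+\s*=/i.test(m[1]))],
];

// Return the distinct vector labels found in one tiddler.
function findCodeVectors(tiddler) {
  const t = { tags: tiddler.tags || [], text: tiddler.text || "" };
  const hits = CHECKS.filter(([, test]) => test(t)).map(([name]) => name);
  return [...new Set(hits)];
}

// Return [{title, vectors}] for every tiddler that carries executable content.
function auditSpace(tiddlers) {
  return tiddlers
    .map((t) => ({ title: t.title, vectors: findCodeVectors(t) }))
    .filter((r) => r.vectors.length > 0);
}

// Constructed sample space; the two computed-parameter texts follow the thread.
const SAMPLE_SPACE = [
  { title: "SomePlugin", tags: ["systemConfig"], text: "config.macros.x = {};" },
  { title: "Notes", tags: [], text: '<<tiddler {{tiddler.title + "_notes"}}>>' },
  { title: "PageTemplate", tags: [], text:
    "<div macro='hideWhen {{\n var tid=store.getTiddler(\"CSidebarTools\");\n" +
    " tid.tags.contains(\"hide\");}}'></div>" },
  { title: "Widget", tags: [], text: '<html><a onclick="go()">x</a></html>' },
  { title: "Plain", tags: [], text: "<<tiddler Foo>> then {{{monospaced}}}" },
];

console.log(auditSpace(SAMPLE_SPACE));
```

The "Plain" tiddler is not reported: an ordinary macro call and {{{monospaced}}} text are not treated as computed parameters.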
