Hi Jeremy, Thanks for your quick answer. I share your concerns about javascript and safety issues for TW5, and your design choices for the core.
I'll try to have a better understanding of TW5, macros and plugins. About such a widget that could "clone" InlineJavascriptPlugin, of course it had to be outside of the core. For the moment I still believe it could be useful in a certain amount of cases. Unfortunately it's beyond my skills in javascript and my understanding of TW to write such a widget for now ... Thanks again for yours explanations. FrD Le lundi 20 janvier 2014 14:05:15 UTC+1, Jeremy Ruston a écrit : > > There's a few points for me about user-written JavaScript in TW5: > > * The ability to create JavaScript macros is built into the core, and > they're pretty straightforward to write. I made some improvements to the > docs here: > > > https://github.com/Jermolene/TiddlyWiki5/blob/master/editions/tw5.com/tiddlers/dev/JavaScript%20Macros.tid > > * It's not possible to properly sandbox JavaScript code in the browser. In > a shared environment the only safe option is to whitelist JavaScript that > you trust. > > * Once logic in wikitext or a filter exceeds a threshold of complexity, > then I think it makes sense for that logic to be expressed as JS. This is > helpful, as it frees us a little to keep TW's native syntaxes focussed on > the common use cases, without having to worry about every last corner case > > * JavaScript code can be malicious and/or buggy. To provide safety we need > to be able to be very selective about which bits of JavaScript get > executed. This makes me favour rigorously separating executable JavaScript > so that it has to be in a TW5 module, and disallowing inline JavaScript > > But those considerations are all with regards to the core. I've absolutely > no problem with a plugin for TW5 that cloned the old TW Classic inline > javascript plugin. It's a virtue of TiddlyWiki that there's really no > limits beyond those imposed by the browser to what an individual can do > with it; the job of the core is to establish a common, useful, safe core of > functionality that is suitable for all users. The job of plugins is to meet > requirements that don't fit in the core, or are antithetical to the goals > of the core. > > Best wishes > > Jeremy > > > > On Mon, Jan 20, 2014 at 9:47 AM, FrD <[email protected] <javascript:>>wrote: > >> Hi ! >> >> I'm considering the migration of some of my TWcs to TW5. >> When I began using TWc I quickly understood that I could extend its >> capabilities if I could learn javascript. >> So I had to dive in javascript and it was not easy for me but it was fun >> (still is !). >> >> I then made an extensive use of InlineJavascriptPlugin from Eric Shulman ( >> http://www.tiddlytools.com/) and even wrot some plugins. >> Some tiddlers in my TWcs include text, tables, ... and scripts. Some >> tiddlers are repositories for scripts and I use these scripts with >> transclusion in other tiddlers (for instance <<tiddler >> RepositoryTiddler##Script1>>). >> >> I understand that TW5 widgets will solve at least 80% of my problems with >> scripts (with some re-engineering ...). >> But I believe there could be some use for some specialized scripts in TW5 >> : >> - in some cases the wikitext expression with widgets and/or filters can >> be very complicated, as much as or more than a javascript expression, >> - I sometimes use some elementary math with data inside a tiddler. I'm >> not aware of tools in TW5 that allow some calculus with tiddler fields, but >> it could be a lack of understanding from me. >> In TWc I get the values from the fields or the data objects, use >> parseInt() or parseFloat(), do the math and put the values back in fields >> (or data objects). >> >> Although I know it's not quite the positioning Jeremy wants for TW5 (and >> I mostly agree with him) I would be delighted to >> be able to insert some simple scripts in a tiddler, some kind of a port >> of InlineJavascriptPlugin as a widget. >> >> This widget could be (or not) triggered by a button, and have at least >> one attribute : the javascript code. >> <$javascript code="here comes the code or a the transclusion of a tiddler >> containing javascript code ..." /> >> The widget could access some elements like currentTiddler and others (?) >> (just like the "place" variable, which is a DOM element, is accessed in >> TWc), >> and use some internal functions of TW5 (even some functions defined by >> widgets ?) >> It could also be "sandboxed" and have only limited acces to the internals >> of TW5 ... >> >> Maybe Eric is already working on this -:). >> >> What do you think ? >> >> Thanks in advance for your comments. >> >> FrD >> >> -- >> You received this message because you are subscribed to the Google Groups >> "TiddlyWiki" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected] <javascript:>. >> To post to this group, send email to [email protected]<javascript:> >> . >> Visit this group at http://groups.google.com/group/tiddlywiki. >> For more options, visit https://groups.google.com/groups/opt_out. >> > > > > -- > Jeremy Ruston > mailto:[email protected] <javascript:> > -- You received this message because you are subscribed to the Google Groups "TiddlyWiki" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/tiddlywiki. For more options, visit https://groups.google.com/groups/opt_out.
