Hi Jeremy, Can the script tag be used anywhere during loading, or was that for just for illustrative purposes?
If I understand the flow you are suggesting, you wouldn't be able to load tiddlers on the fly. But you could activate a checklist that would then be used during the next reload to bring in the tiddlers ?? I feel like the security model is very odd. They don't want you to load *data*, but loading actual *code* is OK*?* Thanks! Mark On Thursday, November 15, 2018 at 6:53:04 AM UTC-8, Jeremy Ruston wrote: > > There is one technique that could be used to accomplish some of what is > being discussed in this thread: JSONP https://en.wikipedia.org/wiki/JSONP > > Basically, it would require that tiddlers be stored in .jsonp files like > this: > > $tw.wiki.addTiddlers([ > { > "title": "HelloThere", > "text": "Some text" > },{ > "title": "Getting Started", > "text": "Some more text" > } > ]); > > > Then, to load tiddler(s) in a particular file, you’d need to use JS to > create a script tag that references that file and insert the script tag > into the DOM. The script tag would look like this: > > <script src="./tiddlers/first-bundle.jsonp"></script> > > > In TW5, one might implement the loading via a startup module that handles > a "tm-load-jsonp” message. > > It would be straightforward to make a new exporter template for the JSONP > format. > > Best wishes > > Jeremy > > > On 15 Nov 2018, at 04:12, TonyM <anthony...@gmail.com <javascript:>> > wrote: > > Am 14.11.2018 um 04:41 schrieb TonyM: >> > Are the tid filenames already known? >> For posts it would be good to import all tids in a folder I think this >> is most practical for most usecases. >> > The problem is the tiddlywiki needs to find the file names, if it knows > them in advance it may be easier > >> > What if you could see the content in the files without importing them? >> I knowThis could be realized by php...but in most cases I would need >> work with the files in the wiki. >> > Did you know this displays the content of a tid file ? <embed > src="2018-11-15.tid"> > I have not yet worked out how to use this, but creating a new tiddler with > the text set to {{Test include}} may work > >> > Do you want a directory list to select from? >> This would be great! >> > To me we can either have a file server (Eg TiddlyServer) or another that > allows you to view and import from the list of files as URLs' > Or we can import them into a tiddler using another tool from which you can > select the files to import. > >> > How do the tid files get there in the first place? >> Mostly uploaded by my php-upload mechanism. Maybe some uploaded by me >> vía ftp >> > this means you can dictate the naming standard so you should be able to > match this with your tiddlywiki > >> > How are you serving the tiddlywiki or is it in a file folder? >> Html File from webdirectory > > How are you making your tiddlywiki savable? > >> >> > Do you want a button that on clicking imports a known tid file in the >> current directory? >> > >> Yeah! ...and all unknown .tids & .jsons in the directory as well. In my >> case they are automatically tagged and there is a filter against <code> >> so that they could be imported without risk... > > If all your tids were in a known json filename you could import them > regardless of their actual tiddler name. > > >> >> >> > To Mark's reply: >> >> I guessed that there were security reasons... but are these >> browser-restrictions? What is the difference form the existing >> export-mecahnisms? And why is this more dangerous than the drag n drop >> import way? >> >> A drag and drop import is you, interactively opening things you have a > right to, selecting and placing, Where as if you want to ask tiddlywiki > (weather or not its you) to do it, or the server will be doing it with its > rights, you do not want to give these rights to the users trying to hack > your site. > > I have not yet resolved this serious security risk with tiddlywiki. In > other websites it is important to ensure no edit field allows someone to > insert HTML otherwise this is an avenue to hack your site, tiddlywiki > allows this by design. So any one that can save a wiki can do almost > anything especially if they add java script via a plugin. They could even > redirect you to another site that is a copy of yours which accepts your > password, logs it and returns you to your site, thus acquiring your > password. > >> >> So thanks and let's work on this! >> >> Yours Jan >> > > I would like to know if we can get content from <embed > src="2018-11-15.tid"> and turn it into saved content. This would be a way > of Importing known tiddler/json fiels > Currently we can read it but even wikify can't turn it into text. > > > I am not negative about this, I believe there is a way, but we need some > innovative use of what is available to us. > Regards > Tony > > -- > You received this message because you are subscribed to the Google Groups > "TiddlyWiki" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to tiddlywiki+...@googlegroups.com <javascript:>. > To post to this group, send email to tiddl...@googlegroups.com > <javascript:>. > Visit this group at https://groups.google.com/group/tiddlywiki. > To view this discussion on the web visit > https://groups.google.com/d/msgid/tiddlywiki/0bef0f79-4a78-4ce3-82a7-852a671cd404%40googlegroups.com > > <https://groups.google.com/d/msgid/tiddlywiki/0bef0f79-4a78-4ce3-82a7-852a671cd404%40googlegroups.com?utm_medium=email&utm_source=footer> > . > For more options, visit https://groups.google.com/d/optout. > > > -- You received this message because you are subscribed to the Google Groups "TiddlyWiki" group. To unsubscribe from this group and stop receiving emails from it, send an email to tiddlywiki+unsubscr...@googlegroups.com. To post to this group, send email to tiddlywiki@googlegroups.com. Visit this group at https://groups.google.com/group/tiddlywiki. To view this discussion on the web visit https://groups.google.com/d/msgid/tiddlywiki/5f7bc9fd-330b-4e7e-819b-fcb26d818ebe%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.