Hi Mark

> Can the script tag be used anywhere during loading, or was that just for 
> illustrative purposes?

I was just intending to show the structure of the script tag that is needed, 
but as it happens one could include such a script tag directly in a 
$:/tags/RawMarkup tiddler. 

> If I understand the flow you are suggesting, you wouldn't be able to load 
> tiddlers on the fly. But you could activate a checklist that would then be 
> used during the next reload to bring in the tiddlers ??

No, you could load them on the fly: clicking a button would trigger the 
tm-load-jsonp message, which would then load the tiddlers dynamically.

> I feel like the security model is very odd. They don't want you to load data, 
> but loading actual code is OK?

Browsers have, until recently, been relatively laissez-faire about continuing 
with the features that web developers need for testing simple web pages locally 
via a file:// URI. Just recently, though, new features (like service workers) 
are restricted in such a way that a local web server is required for 
development.

(By the way, the reason why loading code is safer than data in this context is 
because JSONP can only be used to read files that (a) one knows the URL and (b) 
the file contains valid JavaScript that returns a result in a very specific 
way. Note that the invoking JavaScript code never sees the literal content of 
the file that is loaded, it just sees the results of executing it. So it’s pretty 
much impossible to use this technique to exfiltrate personal data, whereas a 
generic capability to read data files where one knows the path would be 
absolutely devastating).

Best wishes

Jeremy.
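
Added example, not part of the message above or of TiddlyWiki's own code: the script-tag loader described in this thread, run against a constructed stand-in for the browser so that it also executes under Node. The names `loadJsonp`, `fakeBrowser` and `FILES`, and the sample file contents, are assumptions; note that a data file that is not valid JavaScript produces a load event that adds no tiddlers, and its text never reaches the loader.

```javascript
// Insert a <script> element for one .jsonp bundle. The caller only learns
// "load" or "error"; the text of the file is never handed to this code.
function loadJsonp(doc, src, done) {
  const script = doc.createElement("script");
  script.src = src;
  script.onload = () => done(null);
  script.onerror = () => done(new Error("could not load " + src));
  doc.head.appendChild(script);
}

// Constructed stand-in for the browser (hypothetical, synchronous for brevity).
// It runs a file as script with $tw in scope, fires onload even when the file
// fails to parse or throws, and fires onerror only when the file is missing.
function fakeBrowser(files, $tw) {
  const run = (el) => {
    if (!(el.src in files)) return el.onerror();
    try {
      new Function("$tw", files[el.src])($tw);
    } catch (e) {
      // A browser reports this on its console, not to the loader's callbacks.
    }
    el.onload();
  };
  return { createElement: () => ({}), head: { appendChild: run } };
}

// Constructed sample files: one valid bundle and one plain data file.
const FILES = {
  "./tiddlers/first-bundle.jsonp":
    '$tw.wiki.addTiddlers([{"title":"HelloThere","text":"Some text"}]);',
  "./private/notes.txt": "PIN 4921; call the bank on Monday",
};

function demo() {
  const store = [];
  const $tw = { wiki: { addTiddlers: (ts) => store.push(...ts) } };
  const doc = fakeBrowser(FILES, $tw);
  const seen = {};
  for (const src of [...Object.keys(FILES), "./missing.jsonp"]) {
    const before = store.length;
    loadJsonp(doc, src, (err) => {
      seen[src] = { event: err ? "error" : "load", added: store.length - before };
    });
  }
  return { store, seen };
}

console.log(JSON.stringify(demo().seen, null, 2));
```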

> 
> Thanks!
> Mark
> 
> 
> On Thursday, November 15, 2018 at 6:53:04 AM UTC-8, Jeremy Ruston wrote:
> There is one technique that could be used to accomplish some of what is being 
> discussed in this thread: JSONP https://en.wikipedia.org/wiki/JSONP
> 
> Basically, it would require that tiddlers be stored in .jsonp files like this:
> 
> $tw.wiki.addTiddlers([
>       {
>               "title": "HelloThere",
>               "text": "Some text"
>       },{
>               "title": "Getting Started",
>               "text": "Some more text"
>       }
> ]);
> 
> Then, to load tiddler(s) in a particular file, you’d need to use JS to create 
> a script tag that references that file and insert the script tag into the 
> DOM. The script tag would look like this:
> 
> <script src="./tiddlers/first-bundle.jsonp"></script>
> 
> In TW5, one might implement the loading via a startup module that handles a 
> "tm-load-jsonp" message.
> 
> It would be straightforward to make a new exporter template for the JSONP 
> format.
> 
> Best wishes
> 
> Jeremy
> 
> 
>> On 15 Nov 2018, at 04:12, TonyM <anthony...@gmail.com> wrote:
>> 
>> On 14.11.2018 at 04:41, TonyM wrote: 
>> >   Are the tid filenames already known? 
>> For posts it would be good to import all tids in a folder; I think this 
>> is most practical for most use cases. 
>> The problem is the tiddlywiki needs to find the file names, if it knows them 
>> in advance it may be easier
>> > What if you could see the content in the files without importing them? 
>> I know this could be realized by php...but in most cases I would need 
>> to work with the files in the wiki. 
>> Did you know this displays the content of a tid file ? <embed 
>> src="2018-11-15.tid"> 
>> I have not yet worked out how to use this, but creating a new tiddler with 
>> the text set to {{Test include}} may work
>> > Do you want a directory list to select from? 
>> This would be great! 
>> To me we can either have a file server (e.g. TiddlyServer) or another that 
>> allows you to view and import from the list of files as URLs. 
>> Or we can import them into a tiddler using another tool from which you can 
>> select the files to import.
>> > How do the tid files get there in the first place? 
>> Mostly uploaded by my php-upload mechanism. Maybe some uploaded by me 
>> via ftp 
>> this means you can dictate the naming standard so you should be able to 
>> match this with your tiddlywiki
>> > How are you serving the tiddlywiki or is it in a file folder? 
>> Html File from webdirectory
>> How are you making your tiddlywiki savable? 
>> 
>> > Do you want a button that on clicking imports a known tid file in the 
>> > current directory? 
>> > 
>> Yeah! ...and all unknown .tids & .jsons in the directory as well. In my 
>> case they are automatically tagged and there is a filter against <code> 
>> so that they could be imported without risk...
>> If all your tids were in a known json filename you could import them 
>> regardless of their actual tiddler name.
>>  
>> 
>> 
>> > To Mark's reply: 
>> 
>> I guessed that there were security reasons... but are these 
>> browser-restrictions? What is the difference from the existing 
>> export-mechanisms? And why is this more dangerous than the drag n drop 
>> import way? 
>> 
>> A drag and drop import is you, interactively opening things you have a right 
>> to, selecting and placing, whereas if you want to ask tiddlywiki (whether 
>> or not it's you) to do it, or the server will be doing it with its rights, 
>> you do not want to give these rights to the users trying to hack your site.
>> 
>> I have not yet resolved this serious security risk with tiddlywiki. In other 
>> websites it is important to ensure no edit field allows someone to insert 
>> HTML otherwise this is an avenue to hack your site, tiddlywiki allows this 
>> by design. So anyone that can save a wiki can do almost anything especially 
>> if they add JavaScript via a plugin. They could even redirect you to 
>> another site that is a copy of yours which accepts your password, logs it 
>> and returns you to your site, thus acquiring your password.
>> 
>> So thanks and let's work on this! 
>> 
>> Yours Jan 
>> 
>> I would like to know if we can get content from <embed src="2018-11-15.tid"> 
>>  and turn it into saved content. This would be a way of importing known 
>> tiddler/json files
>> Currently we can read it but even wikify can't turn it into text.
>> 
>> 
>> I am not negative about this, I believe there is a way, but we need some 
>> innovative use of what is available to us.
>> Regards
>> Tony 
>> 
>> -- 
>> You received this message because you are subscribed to the Google Groups 
>> "TiddlyWiki" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to tiddlywiki+...@ <>googlegroups.com <http://googlegroups.com/>.
>> To post to this group, send email to tiddl...@ <>googlegroups.com 
>> <http://googlegroups.com/>.
>> Visit this group at https://groups.google.com/group/tiddlywiki 
>> <https://groups.google.com/group/tiddlywiki>.
>> To view this discussion on the web visit 
>> https://groups.google.com/d/msgid/tiddlywiki/0bef0f79-4a78-4ce3-82a7-852a671cd404%40googlegroups.com
>>  
>> <https://groups.google.com/d/msgid/tiddlywiki/0bef0f79-4a78-4ce3-82a7-852a671cd404%40googlegroups.com?utm_medium=email&utm_source=footer>.
>> For more options, visit https://groups.google.com/d/optout 
>> <https://groups.google.com/d/optout>.
> 
> 
