Hi Jan, No, sadly, the technique requires you to know the pathname of the file in advance.
Best wishes Jeremy -- Jeremy Ruston [email protected] https://jermolene.com > On 16 Nov 2018, at 13:58, Jan <[email protected]> wrote: > > Hi Jeremy, > thanks for this idea! > I would love to have this mechanism - and a jsonp-tiddler creator, because > this is what I would need for a php-upload-mechanism. > As I guess, <script src="./tiddlers/first-bundle.jsonp"></script> would apply > to one special file with a known title, would it be possible to get a list of > all files in a directory and choose which one to download? > > best wishes, > Jan > >> Am 15.11.2018 um 22:37 schrieb Jeremy Ruston: >> Hi Mark >> >>> Can the script tag be used anywhere during loading, or was that for just >>> for illustrative purposes? >> >> I was just intending to show the structure of the script tag that is >> needed, but as it happens one could include such a script tag directly in a >> $:/tags/RawMarkup tiddler. >> >>> If I understand the flow you are suggesting, you wouldn't be able to load >>> tiddlers on the fly. But you could activate a checklist that would then be >>> used during the next reload to bring in the tiddlers ?? >> >> No, you could load them on the fly: clicking a button would trigger the >> tm-load-jsonp message, which would then load the tiddlers dynamically. >> >>> I feel like the security model is very odd. They don't want you to load >>> data, but loading actual code is OK? >> >> Browsers have, until recently, been relatively laissez fair about continuing >> with the features that web developers need for testing simple web pages >> locally via a file:// URI. Just recently, though, new features (like service >> workers) are restricted in such a way that a local web server is required >> for development. >> >> (By the way, the reason why loading code is safer than data in this context >> is because JSONP can only be used to read files that (a) one knows the URL >> and (b) the file contains valid JavaScript that returns a result in a very >> specific way. Note that the invoking JavaScript code never sees the literal >> content of file that is loaded, it just sees the results of executing it. So >> it’s pretty much impossible to use this technique to exfiltrate personal >> data, whereas a generic capability to read data files where one knows the >> path would be absolutely devastating). >> >> Best wishes >> >> Jerwemy. >> >>> >>> Thanks! >>> Mark >>> >>> >>>> On Thursday, November 15, 2018 at 6:53:04 AM UTC-8, Jeremy Ruston wrote: >>>> There is one technique that could be used to accomplish some of what is >>>> being discussed in this thread: JSONP https://en.wikipedia.org/wiki/JSONP >>>> >>>> Basically, it would require that tiddlers be stored in .jsonp files like >>>> this: >>>> >>>> $tw.wiki.addTiddlers([ >>>> { >>>> "title": "HelloThere", >>>> "text": "Some text" >>>> },{ >>>> "title": "Getting Started", >>>> "text": "Some more text" >>>> } >>>> ]); >>>> >>>> Then, to load tiddler(s) in a particular file, you’d need to use JS to >>>> create a script tag that references that file and insert the script tag >>>> into the DOM. The script tag would look like this: >>>> >>>> <script src="./tiddlers/first-bundle.jsonp"></script> >>>> >>>> In TW5, one might implement the loading via a startup module that handles >>>> a "tm-load-jsonp” message. >>>> >>>> It would be straightforward to make a new exporter template for the JSONP >>>> format. >>>> >>>> Best wishes >>>> >>>> Jeremy >>>> >>>> >>>>> On 15 Nov 2018, at 04:12, TonyM <[email protected]> wrote: >>>>> >>>>>> Am 14.11.2018 um 04:41 schrieb TonyM: >>>>>> > Are the tid filenames already known? >>>>>> For posts it would be good to import all tids in a folder I think this >>>>>> is most practical for most usecases. >>>>> The problem is the tiddlywiki needs to find the file names, if it knows >>>>> them in advance it may be easier >>>>>> > What if you could see the content in the files without importing them? >>>>>> I knowThis could be realized by php...but in most cases I would need >>>>>> work with the files in the wiki. >>>>> Did you know this displays the content of a tid file ? <embed >>>>> src="2018-11-15.tid"> >>>>> I have not yet worked out how to use this, but creating a new tiddler >>>>> with the text set to {{Test include}} may work >>>>>> > Do you want a directory list to select from? >>>>>> This would be great! >>>>> To me we can either have a file server (Eg TiddlyServer) or another that >>>>> allows you to view and import from the list of files as URLs' >>>>> Or we can import them into a tiddler using another tool from which you >>>>> can select the files to import. >>>>>> > How do the tid files get there in the first place? >>>>>> Mostly uploaded by my php-upload mechanism. Maybe some uploaded by me >>>>>> vía ftp >>>>> this means you can dictate the naming standard so you should be able to >>>>> match this with your tiddlywiki >>>>>> > How are you serving the tiddlywiki or is it in a file folder? >>>>>> Html File from webdirectory >>>>> How are you making your tiddlywiki savable? >>>>>> >>>>>> > Do you want a button that on clicking imports a known tid file in the >>>>>> > current directory? >>>>>> > >>>>>> Yeah! ...and all unknown .tids & .jsons in the directory as well. In my >>>>>> case they are automatically tagged and there is a filter against <code> >>>>>> so that they could be imported without risk... >>>>> If all your tids were in a known json filename you could import them >>>>> regardless of their actual tiddler name. >>>>> >>>>>> >>>>>> >>>>>> > To Mark's reply: >>>>>> >>>>>> I guessed that there were security reasons... but are these >>>>>> browser-restrictions? What is the difference form the existing >>>>>> export-mecahnisms? And why is this more dangerous than the drag n drop >>>>>> import way? >>>>>> >>>>> A drag and drop import is you, interactively opening things you have a >>>>> right to, selecting and placing, Where as if you want to ask tiddlywiki >>>>> (weather or not its you) to do it, or the server will be doing it with >>>>> its rights, you do not want to give these rights to the users trying to >>>>> hack your site. >>>>> >>>>> I have not yet resolved this serious security risk with tiddlywiki. In >>>>> other websites it is important to ensure no edit field allows someone to >>>>> insert HTML otherwise this is an avenue to hack your site, tiddlywiki >>>>> allows this by design. So any one that can save a wiki can do almost >>>>> anything especially if they add java script via a plugin. They could even >>>>> redirect you to another site that is a copy of yours which accepts your >>>>> password, logs it and returns you to your site, thus acquiring your >>>>> password. >>>>>> >>>>>> So thanks and let's work on this! >>>>>> >>>>>> Yours Jan >>>>> >>>>> I would like to know if we can get content from <embed >>>>> src="2018-11-15.tid"> and turn it into saved content. This would be a >>>>> way of Importing known tiddler/json fiels >>>>> Currently we can read it but even wikify can't turn it into text. >>>>> >>>>> >>>>> I am not negative about this, I believe there is a way, but we need some >>>>> innovative use of what is available to us. >>>>> Regards >>>>> Tony >>>>> >>>>> -- >>>>> You received this message because you are subscribed to the Google Groups >>>>> "TiddlyWiki" group. >>>>> To unsubscribe from this group and stop receiving emails from it, send an >>>>> email to [email protected]. >>>>> To post to this group, send email to [email protected]. >>>>> Visit this group at https://groups.google.com/group/tiddlywiki. >>>>> To view this discussion on the web visit >>>>> https://groups.google.com/d/msgid/tiddlywiki/0bef0f79-4a78-4ce3-82a7-852a671cd404%40googlegroups.com. >>>>> For more options, visit https://groups.google.com/d/optout. >>>> >>> >>> >>> -- >>> You received this message because you are subscribed to the Google Groups >>> "TiddlyWiki" group. >>> To unsubscribe from this group and stop receiving emails from it, send an >>> email to [email protected]. >>> To post to this group, send email to [email protected]. >>> Visit this group at https://groups.google.com/group/tiddlywiki. >>> To view this discussion on the web visit >>> https://groups.google.com/d/msgid/tiddlywiki/5f7bc9fd-330b-4e7e-819b-fcb26d818ebe%40googlegroups.com. >>> For more options, visit https://groups.google.com/d/optout. >> >> -- >> You received this message because you are subscribed to the Google Groups >> "TiddlyWiki" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> To post to this group, send email to [email protected]. >> Visit this group at https://groups.google.com/group/tiddlywiki. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/tiddlywiki/A1C2E9AE-2AAA-4986-AA7C-FBDC70C4B485%40gmail.com. >> For more options, visit https://groups.google.com/d/optout. > > -- > You received this message because you are subscribed to the Google Groups > "TiddlyWiki" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To post to this group, send email to [email protected]. > Visit this group at https://groups.google.com/group/tiddlywiki. > To view this discussion on the web visit > https://groups.google.com/d/msgid/tiddlywiki/5BEECCE8.1080208%40googlemail.com. > For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups "TiddlyWiki" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/tiddlywiki. To view this discussion on the web visit https://groups.google.com/d/msgid/tiddlywiki/52C5EE7B-D946-41BA-9CDC-9C09F6D91AE9%40gmail.com. For more options, visit https://groups.google.com/d/optout.
