Is it a safety concern? Unless you're using a web-facing special deployment, who can change your TW code?
I kind of thought it was more of a desire to reduce maintenance stemming from changes made via javascript that violate internal TW mechanisms. Especially since people might be tempted to cut and paste code from the web based on the standard DOM model. That makes sense. The problem is that the substitute toolkit we're given has some perplexing omissions. -- Mark On Monday, January 14, 2019 at 5:09:46 PM UTC-8, AdamS wrote: > > Hi Folks, > > I know it has been discussed a few times, but I keep coming back to the > idea of inline javascript. Or at least something javascript-ish > (javascript-esque?). I know the reason this capability isn't standard is > because of security issues. I don't have much experience with this sort of > thing, but I'm wondering how significant are the barriers to sanitizing > inline javascript. What would need to be stripped out of a script tag to > ensure that it would be safe? I'm guessing any DOM manipulation would be > right out, as well as access to the window object. But even if we could > just get a safe inline javascript for control flow, array, string, and > number manipulation, that could be pretty cool. Could this be securely done? > > Best wishes, > > Adam > -- You received this message because you are subscribed to the Google Groups "TiddlyWiki" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/tiddlywiki. To view this discussion on the web visit https://groups.google.com/d/msgid/tiddlywiki/201bedb2-7342-4d72-846f-f9c8cd27a729%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
