I was under the impression that inline JS has been passed on because it would undermine the ability to confidently import plugins from other TWs. So all the javascript is contained within tiddlers that have been marked as modules as opposed to running inline in any old tiddler. That makes it easier to know what javascript you are going to get before you import. Otherwise somebody might be able to get hold of you tiddlywiki data because you've imported something malicious. I thought the tiddlywiki framework was made the way it was to avoid resorting to javascript for these reasons. I'm not sure where I got that impression from, but I surely did.
On Tuesday, January 15, 2019 at 4:24:56 PM UTC, Mark S. wrote: > > Is it a safety concern? Unless you're using a web-facing special > deployment, who can change your TW code? > > I kind of thought it was more of a desire to reduce maintenance stemming > from changes made via javascript that violate internal TW mechanisms. > Especially since people might be tempted to cut and paste code from the web > based on the standard DOM model. That makes sense. The problem is that the > substitute toolkit we're given has some perplexing omissions. > > -- Mark > > On Monday, January 14, 2019 at 5:09:46 PM UTC-8, AdamS wrote: >> >> Hi Folks, >> >> I know it has been discussed a few times, but I keep coming back to the >> idea of inline javascript. Or at least something javascript-ish >> (javascript-esque?). I know the reason this capability isn't standard is >> because of security issues. I don't have much experience with this sort of >> thing, but I'm wondering how significant are the barriers to sanitizing >> inline javascript. What would need to be stripped out of a script tag to >> ensure that it would be safe? I'm guessing any DOM manipulation would be >> right out, as well as access to the window object. But even if we could >> just get a safe inline javascript for control flow, array, string, and >> number manipulation, that could be pretty cool. Could this be securely done? >> >> Best wishes, >> >> Adam >> > -- You received this message because you are subscribed to the Google Groups "TiddlyWiki" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/tiddlywiki. To view this discussion on the web visit https://groups.google.com/d/msgid/tiddlywiki/70a9d747-6d0c-42ca-ba9a-ba9bf6e9f665%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
