Another issue with inline javascript specific to TW is that it interferes with the parse/render/update loop. Let's say you include some inline javascript in your tiddler. When is it supposed to execute? When rendered? How often? Keep in mind that TW rerenders tiddlers if any of the state they depend on changes (like the React Virtual DOM). These renders may not be visible to you the user. And what happens when your javascript is executed twice? Overall, it is a lot simpler to reason about, and less bug prone, to require all javascript calls to be part of the parse/render/update loop.
On Monday, January 14, 2019 at 8:09:46 PM UTC-5, AdamS wrote: > > Hi Folks, > > I know it has been discussed a few times, but I keep coming back to the > idea of inline javascript. Or at least something javascript-ish > (javascript-esque?). I know the reason this capability isn't standard is > because of security issues. I don't have much experience with this sort of > thing, but I'm wondering how significant are the barriers to sanitizing > inline javascript. What would need to be stripped out of a script tag to > ensure that it would be safe? I'm guessing any DOM manipulation would be > right out, as well as access to the window object. But even if we could > just get a safe inline javascript for control flow, array, string, and > number manipulation, that could be pretty cool. Could this be securely done? > > Best wishes, > > Adam > -- You received this message because you are subscribed to the Google Groups "TiddlyWiki" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/tiddlywiki. To view this discussion on the web visit https://groups.google.com/d/msgid/tiddlywiki/52f4452c-43e0-4633-9750-803500f6b861%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
