Hi everybody,
I still have not found out how this is done.
Can anyone explain the mechanism in a little more detail?
Is there a proof of concept somewhere?

Jan

On 15.11.2018 at 22:37, Jeremy Ruston wrote:
Hi Mark

> Can the script tag be used anywhere during loading, or was that just for illustrative purposes?

I was just intending to show the structure of the script tag that is needed, but as it happens one could include such a script tag directly in a $:/tags/RawMarkup tiddler.

> If I understand the flow you are suggesting, you wouldn't be able to load tiddlers on the fly. But you could activate a checklist that would then be used during the next reload to bring in the tiddlers?

No, you could load them on the fly: clicking a button would trigger the tm-load-jsonp message, which would then load the tiddlers dynamically.

> I feel like the security model is very odd. They don't want you to load /data/, but loading actual /code/ is OK?

Browsers have, until recently, been relatively laissez-faire about continuing with the features that web developers need for testing simple web pages locally via a file:// URI. Just recently, though, new features (like service workers) are restricted in such a way that a local web server is required for development.

(By the way, the reason why loading code is safer than data in this context is because JSONP can only be used to read files that (a) one knows the URL and (b) the file contains valid JavaScript that returns a result in a very specific way. Note that the invoking JavaScript code never sees the literal content of the file that is loaded, it just sees the results of executing it. So it’s pretty much impossible to use this technique to exfiltrate personal data, whereas a generic capability to read data files where one knows the path would be absolutely devastating).

Best wishes

Jeremy.

> Thanks!
> Mark


On Thursday, November 15, 2018 at 6:53:04 AM UTC-8, Jeremy Ruston wrote:

    There is one technique that could be used to accomplish some of
    what is being discussed in this thread: JSONP
    https://en.wikipedia.org/wiki/JSONP

    Basically, it would require that tiddlers be stored in .jsonp
    files like this:

        $tw.wiki.addTiddlers([
        {
        "title": "HelloThere",
        "text": "Some text"
        },{
        "title": "Getting Started",
        "text": "Some more text"
        }
        ]);


    Then, to load tiddler(s) in a particular file, you’d need to use
    JS to create a script tag that references that file and insert
    the script tag into the DOM. The script tag would look like this:

        <script src="./tiddlers/first-bundle.jsonp"></script>


    In TW5, one might implement the loading via a startup module that
    handles a "tm-load-jsonp" message.

    It would be straightforward to make a new exporter template for
    the JSONP format.

    Best wishes

    Jeremy


    On 15 Nov 2018, at 04:12, TonyM <[email protected]> wrote:

        On 14.11.2018 at 04:41, TonyM wrote:
        >   Are the tid filenames already known?
        For posts it would be good to import all tids in a folder. I
        think this is most practical for most use cases.

    The problem is the tiddlywiki needs to find the file names, if
    it knows them in advance it may be easier

        > What if you could see the content in the files without
        importing them?
        I know. This could be realized by php... but in most cases I
        would need to work with the files in the wiki.

    Did you know this displays the content of a tid file ? <embed
    src="2018-11-15.tid">
    I have not yet worked out how to use this, but creating a new
    tiddler with the text set to {{Test include}} may work

        > Do you want a directory list to select from?
        This would be great!

    To me we can either have a file server (e.g. TiddlyServer) or
    another that allows you to view and import from the list of
    files as URLs.
    Or we can import them into a tiddler using another tool from
    which you can select the files to import.

        > How do the tid files get there in the first place?
        Mostly uploaded by my php-upload mechanism. Maybe some
        uploaded by me via ftp

    This means you can dictate the naming standard so you should be
    able to match this with your tiddlywiki

        > How are you serving the tiddlywiki or is it in a file folder?
        Html File from webdirectory

    How are you making your tiddlywiki savable?


        > Do you want a button that on clicking imports a known tid
        file in the current directory?
        >
        Yeah! ...and all unknown .tids & .jsons in the directory as
        well. In my
        case they are automatically tagged and there is a filter
        against <code>
        so that they could be imported without risk...

    If all your tids were in a known json filename you could import
    them regardless of their actual tiddler name.



        > To Mark's reply:

        I guessed that there were security reasons... but are these
        browser restrictions? What is the difference from the
        existing export mechanisms? And why is this more dangerous
        than the drag n drop import way?

    A drag and drop import is you, interactively opening things you
    have a right to, selecting and placing, whereas if you want to
    ask tiddlywiki (whether or not it's you) to do it, or the server
    will be doing it with its rights, you do not want to give these
    rights to the users trying to hack your site.

    I have not yet resolved this serious security risk with
    tiddlywiki. In other websites it is important to ensure no edit
    field allows someone to insert HTML, otherwise this is an avenue
    to hack your site; tiddlywiki allows this by design. So anyone
    that can save a wiki can do almost anything, especially if they
    add JavaScript via a plugin. They could even redirect you to
    another site that is a copy of yours which accepts your
    password, logs it and returns you to your site, thus acquiring
    your password.


        So thanks and let's work on this!

        Yours Jan


    I would like to know if we can get content from <embed
    src="2018-11-15.tid">  and turn it into saved content. This
    would be a way of importing known tiddler/json files.
    Currently we can read it but even wikify can't turn it into text.


    I am not negative about this, I believe there is a way, but we
    need some innovative use of what is available to us.
    Regards
    Tony

    --
    You received this message because you are subscribed to the
    Google Groups "TiddlyWiki" group.
    To unsubscribe from this group and stop receiving emails from
    it, send an email to [email protected].
    To post to this group, send email to [email protected].
    Visit this group at https://groups.google.com/group/tiddlywiki.
    To view this discussion on the web visit
    https://groups.google.com/d/msgid/tiddlywiki/0bef0f79-4a78-4ce3-82a7-852a671cd404%40googlegroups.com.
    For more options, visit https://groups.google.com/d/optout.
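
Added example, not part of the thread and not TiddlyWiki's own code: the script-tag loader described above, plus an offline simulation (with `new Function` standing in for the browser's script execution) of why the page only observes a file that calls `$tw.wiki.addTiddlers` in the expected way. The names `loadJsonp` and `simulateScriptTag`, the handler wiring and the sample files are assumptions constructed for illustration.

```javascript
// Added example; not code from TiddlyWiki or from the posts above.

// Browser side: what a "tm-load-jsonp" handler (hypothetical wiring) could call.
// `doc` is the page's document; the caller only learns "loaded" or "error".
function loadJsonp(doc, url) {
  return new Promise((resolve, reject) => {
    const script = doc.createElement("script");
    script.src = url; // e.g. "./tiddlers/first-bundle.jsonp"
    script.onload = () => resolve(url);
    script.onerror = () => reject(new Error("could not load " + url));
    doc.head.appendChild(script);
  });
}

// Offline simulation of what the browser does with the fetched file:
// it executes the text as a script. Returns only what the page can observe.
function simulateScriptTag(fileText) {
  const added = [];
  const $tw = { wiki: { addTiddlers: (list) => added.push(...list) } };
  try {
    new Function("$tw", fileText)($tw); // stands in for script execution
    return { executed: true, titles: added.map((t) => t.title) };
  } catch (e) {
    return { executed: false, titles: [] }; // caller sees only the failure
  }
}

// Constructed sample files.
const SAMPLES = {
  // A bundle in the .jsonp shape shown in the thread.
  bundle: '$tw.wiki.addTiddlers([{"title":"HelloThere","text":"Some text"},' +
          '{"title":"Getting Started","text":"Some more text"}]);',
  // A plain .tid file: not valid JavaScript, so nothing reaches the page.
  tidFile: "title: Private notes\ntags: secret\n\nconstructed private text",
  // A plain JSON file: parses as an expression, but never calls back.
  jsonFile: '[{"title":"Private","text":"constructed private text"}]',
};

function demo() {
  return Object.fromEntries(
    Object.entries(SAMPLES).map(([name, text]) => [name, simulateScriptTag(text)]));
}

console.log(demo());
```

Only the bundle yields tiddlers; the `.tid` and `.json` samples produce nothing the page can read, which is the property the thread relies on.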

