><<hideWhen>> can do evil things:
>   <div macro="hideWhen evil code">

I know that the above can execute code.
But creating local variables that overwrite the global vars that are
needed to do "evil code", I thought, would help.

var clearInterval, clearTimeout, document, event, frames,
history, Image, location, name, navigator, Option, parent,
screen, setInterval, setTimeout, window,
XMLHttpRequest, Function,
jQuery, TiddlyWiki = undefined;

The above are local.

removeElementWhen( eval('var eval;' + paramString), place);
The eval above can't access global "window" anymore.

-m
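
An added example, not part of the original post: a Node.js audit that rebuilds the shadowing pattern described above and reports which global names the list covers and how many it leaves visible to the evaluated string. The variable list is the one from the post; `runShadowed` and `uncoveredGlobals` are hypothetical names chosen for this sketch.

```javascript
// Added example: audits which global names the shadow list from the post covers.
// SHADOWED is copied from the post; every other name here is hypothetical.
const SHADOWED = [
  'clearInterval', 'clearTimeout', 'document', 'event', 'frames',
  'history', 'Image', 'location', 'name', 'navigator', 'Option', 'parent',
  'screen', 'setInterval', 'setTimeout', 'window',
  'XMLHttpRequest', 'Function',
  'jQuery', 'TiddlyWiki',
];

// Rebuild the post's pattern: local vars declared in a function scope,
// then a direct eval of 'var eval;' + paramString inside that scope.
const runShadowed = new Function(
  'paramString',
  'var ' + SHADOWED.join(', ') + ' = undefined;\n' +
  "return eval('var eval;' + paramString);"
);

const IDENT = /^[A-Za-z_$][\w$]*$/;

// Return the names that still resolve to something other than undefined
// when evaluated inside the shadowed scope.
function uncoveredGlobals(names = Object.getOwnPropertyNames(globalThis)) {
  return names.filter((n) => {
    if (!IDENT.test(n)) return false; // skip non-identifier property names
    try {
      return runShadowed('typeof ' + n) !== 'undefined';
    } catch (e) {
      return true; // a getter that throws still proves the name resolved
    }
  });
}

// Names on the list are hidden; names not on the list are not.
console.log('shadowed names still visible:', uncoveredGlobals(SHADOWED));
const rest = uncoveredGlobals();
console.log(rest.length + ' other global names are not covered by the list');
```

The audit makes the maintenance cost of a deny-list concrete: every name the host environment adds later has to be added to the `var` statement by hand, or it is visible to the evaluated parameter string.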
