Thanks once again Andreas.
I understand the risk from a security perspective.  But in my situation, the 
cms is being used by a closed group, where the security risk is much lower and 
can be considered unhazardous.  Also, there are quite a few harmless inline 
javascripts that are being used all over the site.  I would want to be able to 
do the porting without having to resort to workarounds.
Also, while porting more pages, today, I am facing these errors (which seemed 
to be a similar problem):

        * error: attribute "onsubmit" not allowed at this point; ignored
        * error: unknown element "noscript" from namespace "http://www.w3.org/1999/xhtml"
        * error: element "input" from namespace "http://www.w3.org/1999/xhtml" not allowed in this context
        * error: attribute "alt" not allowed at this point; ignored
        * error: attribute "onclick" not allowed at this point; ignored
        * error: attribute "style" not allowed at this point; ignored
        * error: bad value for attribute "type"
        * error: attribute "style" not allowed at this point; ignored
        * error: attribute "alt" not allowed at this point; ignored
        * error: attribute "onclick" not allowed at this point; ignored
        * error: bad value for attribute "type"
        * error: attribute "alt" not allowed at this point; ignored
        * error: attribute "onclick" not allowed at this point; ignored
        * error: bad value for attribute "type"
        * error: attribute "alt" not allowed at this point; ignored
        * error: attribute "onclick" not allowed at this point; ignored
        * error: bad value for attribute "type"

However, when I copy the html (from one form) and validate it using 
validator.w3.org, it is passing off as a valid xhtml.  In addition to <script> 
tags now I am facing problems with other attributes.  I do not understand 
which schema / dtd is being used for validating the xhtml in these editors and 
why is oneform reporting error when w3 validator isn't for the same format 
(xhtml1.0-strict).  I guess, I did not understand your answer completely.  I 
do not understand which schema should I change to, in page2xhtml.xsl.  Please 
note that I am trying to add only valid xhtml1.0-strict fragments only after 
having verified it using w3 validator.

Ramesh



----- Original Message ----
From: Andreas Hartmann <[EMAIL PROTECTED]>
To: [email protected]
Sent: Monday, October 20, 2008 2:17:54 AM
Subject: Re: can i use kupu editor for creating content with inline javascipt

Hi Ramesh,

Ramesh Chandra schrieb:
> I tried "authoring" the website that I am creating using the new
> Lenya installation (that I made on my box), porting it from the
> static html pages.  However, I am stuck at the very first page.  The
> home page has some inline javascripts providing essential navigation
> features for the whole website.  This inline javascript cannot be
> replaced with any other serverside component.  But, when I tried to
> create this page using kupu/one form, I am getting an error with message
> 'error: unknown element "script" from namespace
> "http://www.w3.org/1999/xhtml"'.  However, when I copy+pasted the
> same content into http://validator.w3.org/ direct-input and it went
> through the validation successfully and was reported as a valid xhtml
> file.  I fail to understand the reason why one form is not allowing
> inline javascript to be used.  Any information on this will be
> greatly appreciated.

Lenya is used in some large organizations with multiple content editors 
who aren't IT experts. In such a scenario, if you allow to add <script> 
elements to the page context, this is a considerable security risk and 
could also cause problems with the website presentation. Therefore the default 
schema doesn't allow this element.

You can change the schema in the XHTML module accordingly, but I'd 
strongly discourage this for the reasons mentioned above. You should 
rather override the XSLT of the homepage or xhtml module (whichever 
applies to your content) or page2xhtml.xsl to include the <script> elements.

-- Andreas


-- 
Andreas Hartmann, CTO
BeCompany GmbH
http://www.becompany.ch
Tel.: +41 (0) 43 818 57 01
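
The restriction Andreas describes, shown as an added example that is not part of the original thread and not Lenya's code: a fragment can be valid XHTML 1.0 Strict for the W3C validator and still be rejected by a stricter editor policy that allows no script-capable markup. The policy, the sample fragment and the names audit_fragment, local and SAMPLE are assumptions made for illustration; the javascript: URI check goes beyond the errors quoted in the thread.

```python
import xml.etree.ElementTree as ET

# Assumed policy for illustration only; this is not Lenya's schema.
BLOCKED_ELEMENTS = {"script"}
URI_ATTRS = {"href", "src", "action"}

# Constructed sample fragment, modelled on the errors quoted in the thread.
SAMPLE = """<div xmlns="http://www.w3.org/1999/xhtml">
  <form action="/search" onsubmit="return check(this)">
    <input type="text" name="q"/>
    <input type="button" value="Go" onclick="go()"/>
  </form>
  <script type="text/javascript">go();</script>
  <a href="javascript:void(0)">menu</a>
  <p>plain text</p>
</div>"""

def local(name):
    """Strip the '{namespace}' prefix ElementTree puts on names."""
    return name.rsplit("}", 1)[-1].lower()

def audit_fragment(xhtml):
    """Return (kind, element, name) findings for script-capable markup."""
    try:
        root = ET.fromstring(xhtml)
    except ET.ParseError:
        return [("malformed", "-", "-")]  # reject what cannot be parsed
    findings = []
    for el in root.iter():
        tag = local(el.tag)
        if tag in BLOCKED_ELEMENTS:
            findings.append(("element", tag, tag))
        for attr, value in el.attrib.items():
            name = local(attr)
            if name.startswith("on"):  # onclick, onsubmit, ...
                findings.append(("event-handler", tag, name))
            elif name in URI_ATTRS and value.strip().lower().startswith("javascript:"):
                findings.append(("javascript-uri", tag, name))
    return findings

if __name__ == "__main__":
    for finding in audit_fragment(SAMPLE):
        print(finding)
```

An empty result means the fragment carries no inline script under this assumed policy; it says nothing about whether the fragment is valid XHTML.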
