Thank you for the responses, Vincent and Marius.

After playing around with the HTML macro, I came across a potential
solution. It appears that all the XWiki-created pages reside within certain
spaces (xwiki:Wiki, xwiki:WikiManager, etc). With that in mind, I was able
to prototype an override for the HTML macro that whitelisted specific wiki
spaces (Wiki, WikiManager, etc) and potentially lock down the creation/edit
of pages in those spaces to the Admin group. This way we would be able to
avoid conflicting with any existing Javascript usage while preventing
outside (non-admin) users from using JavaScript on their pages.

In the event that the page in question is not part of the whitelisted space
and contains Javascript, we would return an error block with an error
message instead of rendering the content passed into the HTML macro. I
wanted to get any input on if this is a viable solution or if there are any
crucial parts I may have overlooked that jeopardize this approach. Thank

View this message in context:
Sent from the XWiki- Users mailing list archive at
users mailing list

Reply via email to