This question may be better placed in the tiddlywiki dev forum. There are reasons beyond secutity that javascript is not freely added, in part because it is through widgets such functionality is published. However you can include external javacript in a tiddler with raw system tag. Many plugins include javascript and libraries it is just tgat they need to be added within the framework tiddlywiki presents.
Regards
Tony
Yeah, that's kind of my point. I understand why standard inline javascript is not something that can be part of the core, or anything so fundamental to the way tiddlywiki works. That's why I'm wondering if it would be possible to sanitize it, removing any DOM related stuff or anything that might pose a security problem, but allow things like string and array manipulation and basic logic. I've found the wikitext and widget syntax within TW5 to be a lot more difficult to learn than Javascript. If I'm not alone in that, being able to do some of the lifting with a skill that is more widely applicable might help with uptake with new users.
On 16 Jan 2019, at 23:25, AdamS <adam.the...@gmail.com> wrote:Thank you all. That's a lot of good information for my to look through and cogitate on!
--
You received this message because you are subscribed to the Google Groups "TiddlyWiki" group.
To unsubscribe from this group and stop receiving emails from it, send an email to tiddlywiki+...@googlegroups.com.
To post to this group, send email to tiddl...@googlegroups.com.
Visit this group at https://groups.google.com/group/tiddlywiki.
To view this discussion on the web visit https://groups.google.com/d/msgid/tiddlywiki/8ddce635-574b-4a79-8ccd-027ef0fd6c17%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Thanks for the info. I guess I'm just wondering if there is a convenient way to filter out some features of JS and allow others to go through. I see lots of plugins that provide atomized functionality of simple capabilities of javascript. It just seems to me that if it were possible to build an effective filter, one might be able to have all that functionality in the core without bloating tw.The Secure EcmaScript is really interesting. Though I wonder if there is a simpler way to do this without executing the code in a sandbox environment. Is it possible to, in the parsing stage, identify blacklisted keywords, and if those words appear, don't make a script tag out of the code? Or maybe (if a blacklist would be too large) just have a list of whitelisted words and symbols (including a set of allotted variable names). If the code is built only of these parts, then a script tag is made of it. Else, it doesn't run. Or it throws an error or something.I'm fairly new to JS and programming generally; so this may all be hopelessly naive of me. I just wonder if the bloat of multiple (and sometimes overlapping) plugins to perform string, numerical, JSON, or array manipulation could be reduced.
To view this discussion on the web visit https://groups.google.com/d/msgid/tiddlywiki/1726d702-9a30-4682-92f1-fe0427743abb%40googlegroups.com.