Using/allowing script tags for static file rendering

[Donald Coates]

Is it possible to have <script> tags and allow them to be rendered in a static page?  I understand the security issues for inside a tiddler, but when rendered as an html page it would be useful.

Thank you.

[TW Tones]

Donald,

I personally see no reason why not. TiddlyWiki itself uses raw system tags for a similar purpose. Includes insertion head/body etc... Which you could clone for scrips and styles.

You will need to modify the static tiddler template to accommodate it, and you can transclude this content from another tiddler.

However a longer lasting and sharable solution would be to provide a mechaisium within the static template, to accept this (and other values) from the source tiddler

eg a static-script field in source tiddlers could contain what is to be added between the script tags or a transclusion of a tiddler) thus the author can decide on a per-tiddler basis which static pages get custom scripts or styles.

This would further support the use of Tiddlywiki as a site generator.

Regards

TW Tones.

[Donald Coates]

It is possible to have a tiddler with a <script> block as its contents and transclude this into the templates/static.tiddler.html so that for example I have code necessary for the comments section on each page rendered by that template.

However I cannot have an <script> block within a tiddler that is to be rendered through that template, for example the one time, in document  code necessary to embed a github gist that shows a block of code I am talking about,  because it gets mangled into an unusable form in the process of being rendered.  It seems like no matter how I try and put that <script> code into the tiddler, be it by macro or transclusion, it still gets 'neutered' in the rendering process.  This is what I would like to change.

[Joshua Fontany]

Tiddlywiki always "breaks" script tags rendered inside tiddlers displayed in the story-river and most translcusions as a security measure.

If you need the script included in the header portion of the HTML template used to render the whole page, tag the tiddler with "$:/tags/RawMarkup". This places the raw contents of the tiddler's text field in the header tag of the template. This requires that you Save and Reload your wiki.

If you use the other RawMarkupWikified tags ( $:/tags/RawMarkupWikified , $:/tags/RawMarkupWikified/TopBody, etc), then tiddlywiki tries to parse the text field of the tiddler so-tagged into "simple text" (stripping out HTML tags, etc). In order to prevent this, use a special "pragma line" at the top of the text field:

`\rules only filteredtranscludeinline transcludeinline` 

This restricts text-processing to only transcluded data. Also, "Note that the wiki must be saved and reloaded in order for a raw markup tiddler to take effect. Also note that global macros are not available by default within raw markup tiddlers; you can use the ImportVariablesWidget to explicitly import them."

I hope that helps.

Best,
Joshua Fontany

[TW Tones]

Donald,

If you look inside $:/core/templates/static.template.html you can see how the template currently does it in two ways in fact for styles;

<div id="styleArea">
{{$:/boot/boot.css||$:/core/templates/css-tiddler}}
</div>
<style type="text/css">
{{$:/core/ui/PageStylesheet||$:/core/templates/wikified-tiddler}}
</style>

Notice how its setting $:/boot/boot.css and $:/core/ui/PageStylesheet as the current tiddler and transclude a template?

In fact if you look inside $:/core/templates/css-tiddler you will see the style tags in there, of note is this tiddler is unusually formatted  

There should be a simple way to do this. If the style or script tags are specific to a particular page ie tiddler we could make use of a field in the tiddler to contain a transclusion of the style / scripts that the template subsequently includes in the template, you can then choose which page has which scripts.

I do not have the time right now, but such a solution would possibly be reusable and helpful to others.

Regards

Tony

[Donald Coates]

Thank you Joshua!  Though I am not sure it applies to the extremely specific github gist embed case, this is really useful info for the building of templates and will be very handy going forward.  Thank you!!

[Donald Coates]

Thanks Tones I have been thinking of a way to incorporate this transclusion with templates along the lines of the example given where a line of text is run through at template: `{{Transclusion||$:/core/ui/TagTemplate}}` .  I have found a work around but I would rather use something like this which doesn't necessarily effect the entire tiddler.

[Donald Coates]

SOLUTION/WORKAROUND

WARNING: this requires changing a core tiddler.  The code is there for a reason.  My use case is very specific in that I will only be doing this on a wiki that runs just to render static tiddlers.

I noticed that the rendering process for the <script> tag renders as <safe-script>.  So I just searched and found the tiddler responsible for the modification and commented out the code.

The tiddler is $:/core/modules/widgets/element.js  and the code to comment out is

if($tw.config.htmlUnsafeElements.indexOf(tag) !== -1)
{ tag = "safe-" + tag;
}

Again this would I imagine create a very serious security risk in wikis open to the internet.