Would it be possible to import a .tid-files from a webfolder?

241 views
Skip to first unread message

Jan

unread,
Nov 13, 2018, 6:52:15 PM11/13/18
to tiddlyWiki
Hey everybody,

I know it is possible to import files by drag and drop, I know it is
possible to browse for a local folder and select a tid file to import.

What exactly happens when I drag a tiddler into the dropzone or press an
import button?
Is there a way to build a button to import .tid files form a webfolder
into a html-wikifile?
If there is no way yet... would this be possible?
The first time I had the desire to have this was when I built a
php-commentsystem which is saving to a folder on my webserver.
Mo my mind this would make possible several important things...

Yours Jan

Mark S.

unread,
Nov 13, 2018, 7:33:01 PM11/13/18
to TiddlyWiki
I'm pretty sure based on prior conversations in the forum that this is not possible thanks to browser security restrictions. The fear is that malicious code could read anything off your system if it was allowed to happen without a dialog.

-- Mark

TonyM

unread,
Nov 13, 2018, 10:41:01 PM11/13/18
to TiddlyWiki
Jan,

I have similar interests.

Are the tid filenames already known?
What if you could see the content in the files without importing them?
Do you want a directory list to select from?
How do the tid files get there in the first place?
How are you serving the tiddlywiki or is it in a file folder?
Do you want a button that on clicking imports a known tid file in the current directory?

With these answers I may provide some details and explore a path to answer your question

Regards
Tony

Jan

unread,
Nov 14, 2018, 1:37:41 PM11/14/18
to tiddl...@googlegroups.com
Hi Mark Hi Tony, Thanks for your replies,

Tony it feels good to see that share my interest!


Am 14.11.2018 um 04:41 schrieb TonyM:
> Are the tid filenames already known?
For posts it would be good to import all tids in a folder I think this
is most practical for most usecases.
> What if you could see the content in the files without importing them?
I knowThis could be realized by php...but in most cases I would need
work with the files in the wiki.
> Do you want a directory list to select from?
This would be great!
> How do the tid files get there in the first place?
Mostly uploaded by my php-upload mechanism. Maybe some uploaded by me
vía ftp
> How are you serving the tiddlywiki or is it in a file folder?
Html File from webdirectory
> Do you want a button that on clicking imports a known tid file in the current directory?
>
Yeah! ...and all unknown .tids & .jsons in the directory as well. In my
case they are automatically tagged and there is a filter against <code>
so that they could be imported without risk...

> To Mark's reply:

I guessed that there were security reasons... but are these browser-restrictions? What is the difference form the existing export-mecahnisms? And why is this more dangerous than the drag n drop import way?


So thanks and let's work on this!

Yours Jan

Mark S.

unread,
Nov 14, 2018, 1:45:28 PM11/14/18
to TiddlyWiki
When you drag and drop, or use the import dialog, you're making a conscious, deliberate choice. Nothing is happening in secret behind the scenes. Or at least that's how I understand it.

-- Mark

@TiddlyTweeter

unread,
Nov 14, 2018, 1:57:40 PM11/14/18
to TiddlyWiki
Mark & Jan

Right. That was the message also of this recent thread when I asked if you could give exact addresses for target imports. Basically you can't now in standard browsers.


J.

Jan

unread,
Nov 14, 2018, 7:16:25 PM11/14/18
to tiddl...@googlegroups.com
Hi Mark,
I would be willing to make this deliberate choice with a second click. I would click even more times to get my Tiddlers.

Hi Josiah,
Thanks for the information. The argument about browser security tricking users to press a button is true, of course. But there must be some way: At least Jeds Twederation Bundler Plugin is performing something very similar.

Jan
--
You received this message because you are subscribed to the Google Groups "TiddlyWiki" group.
To unsubscribe from this group and stop receiving emails from it, send an email to tiddlywiki+...@googlegroups.com.
To post to this group, send email to tiddl...@googlegroups.com.
Visit this group at https://groups.google.com/group/tiddlywiki.
To view this discussion on the web visit https://groups.google.com/d/msgid/tiddlywiki/e525b84a-0422-4506-998a-5d5bfe08c878%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Mark S.

unread,
Nov 14, 2018, 7:32:51 PM11/14/18
to TiddlyWiki
I just realized that I don't quite understand the question. What do you mean by importing from a "webfolder" ? What is a webfolder in this context?

In theory, anything running on your local system (node, Bob) has access to your local system, so there may be more possibilities.

-- Mark

TonyM

unread,
Nov 14, 2018, 11:12:01 PM11/14/18
to TiddlyWiki
Am 14.11.2018 um 04:41 schrieb TonyM:
>   Are the tid filenames already known?
For posts it would be good to import all tids in a folder I think this
is  most practical for most usecases.
The problem is the tiddlywiki needs to find the file names, if it knows them in advance it may be easier
> What if you could see the content in the files without importing them?
I knowThis could be realized by php...but in most cases I would need
work with the files in the wiki.
Did you know this displays the content of a tid file ? <embed src="2018-11-15.tid"> 
I have not yet worked out how to use this, but creating a new tiddler with the text set to {{Test include}} may work
> Do you want a directory list to select from?
This would be great!
To me we can either have a file server (Eg TiddlyServer) or another that allows you to view and import from the list of files as URLs' 
Or we can import them into a tiddler using another tool from which you can select the files to import.
> How do the tid files get there in the first place?
Mostly uploaded by my php-upload mechanism. Maybe some uploaded by me
vía ftp
this means you can dictate the naming standard so  you should be able to match this with your tiddlywiki
> How are you serving the tiddlywiki or is it in a file folder?
Html File from webdirectory
How are you making your tiddlywiki savable? 

> Do you want a button that on clicking imports a known tid file in the current directory?
>
Yeah! ...and all unknown .tids & .jsons in the directory as well. In my
case they are automatically tagged and there is a filter against <code>
so that they could be imported without risk...
If all your tids were in a known json filename you could import them regardless of their actual tiddler name.
 


> To Mark's reply:

I guessed that there were security reasons... but are these browser-restrictions? What is the difference form the existing export-mecahnisms? And why is this more dangerous than the drag n drop import way?

A drag and drop import is you, interactively opening things you have a right to, selecting  and placing, Where as if you want to ask tiddlywiki (weather or not its you) to do it, or the server will be doing it with its rights, you do not want to give these rights to the users trying to hack your site.

I have not yet resolved this serious security risk with tiddlywiki. In other websites it is important to ensure no edit field allows someone to insert HTML otherwise this is an avenue to hack your site, tiddlywiki allows this by design. So any one that can save a wiki can do almost anything especially if they add java script via a plugin. They could even redirect you to another site that is a copy of yours which accepts your password, logs it and returns you to your site, thus acquiring your password.

So thanks and let's work on this!

Yours Jan

I would like to know if we can get content from <embed src="2018-11-15.tid">  and turn it into saved content. This would be a way of Importing known tiddler/json fiels
Currently we can read it but even wikify can't turn it into text.


I am not negative about this, I believe there is a way, but we need some innovative use of what is available to us.
Regards
Tony 

Jeremy Ruston

unread,
Nov 15, 2018, 9:53:04 AM11/15/18
to tiddl...@googlegroups.com
There is one technique that could be used to accomplish some of what is being discussed in this thread: JSONP https://en.wikipedia.org/wiki/JSONP

Basically, it would require that tiddlers be stored in .jsonp files like this:

$tw.wiki.addTiddlers([
{
"title": "HelloThere",
"text": "Some text"
},{
"title": "Getting Started",
"text": "Some more text"
}
]);

Then, to load tiddler(s) in a particular file, you’d need to use JS to create a script tag that references that file and insert the script tag into the DOM. The script tag would look like this:

<script src="./tiddlers/first-bundle.jsonp"></script>

In TW5, one might implement the loading via a startup module that handles a "tm-load-jsonp” message.

It would be straightforward to make a new exporter template for the JSONP format.

Best wishes

Jeremy


--
You received this message because you are subscribed to the Google Groups "TiddlyWiki" group.
To unsubscribe from this group and stop receiving emails from it, send an email to tiddlywiki+...@googlegroups.com.
To post to this group, send email to tiddl...@googlegroups.com.
Visit this group at https://groups.google.com/group/tiddlywiki.

@TiddlyTweeter

unread,
Nov 15, 2018, 11:25:40 AM11/15/18
to tiddl...@googlegroups.com
Ciao Jeremy

Looks very useful if it can be achieved.

I can explain a Use-Case of some interest where it could be very helpful.

Jed Carty's Bob is a good instance to start with. Bob supports direct easy access to user set "editions"; it supports, out-of-the-box inter-wiki one-button-press "fetch" (great for styling, adding plugins etc).

In other words, you can build very easily and quickly a custom TW end-user version in literally a few seconds.

The one thing missing that could really complete the "access components efficiently" is single-click access to specific JSON file imports. External JSON has the concrete advantage that you can save to one a "perfectly honed" assemblage of highly specified Tiddlers that can go even further than the other methods.

Best wishes
Josiah

Jeremy wrote...

Jeremy Ruston

unread,
Nov 15, 2018, 11:45:00 AM11/15/18
to tiddl...@googlegroups.com
Hi Josiah

I can explain a Use-Case of some interest where it could be very helpful.

Bob is running under Node.js and so can just reach into the file system and retrieve arbitrary .tid files. The approach I mentioned is a technique for the browser.

Best wishes

Jeremy.



Best wishes
Josiah

Jeremy wrote...

There is one technique that could be used to accomplish some of what is being discussed in this thread: JSONP https://en.wikipedia.org/wiki/JSONP

Basically, it would require that tiddlers be stored in .jsonp files like this:

$tw.wiki.addTiddlers([
{
"title": "HelloThere",
"text": "Some text"
},{
"title": "Getting Started",
"text": "Some more text"
}
]);

Then, to load tiddler(s) in a particular file, you’d need to use JS to create a script tag that references that file and insert the script tag into the DOM. The script tag would look like this:

<script src="./tiddlers/first-bundle.jsonp"></script>

In TW5, one might implement the loading via a startup module that handles a "tm-load-jsonp” message.

It would be straightforward to make a new exporter template for the JSONP format.

-- 
You received this message because you are subscribed to the Google Groups "TiddlyWiki" group.
To unsubscribe from this group and stop receiving emails from it, send an email to tiddlywiki+...@googlegroups.com.
To post to this group, send email to tiddl...@googlegroups.com.
Visit this group at https://groups.google.com/group/tiddlywiki.

Mark S.

unread,
Nov 15, 2018, 11:50:26 AM11/15/18
to TiddlyWiki
Hi Jeremy,

Can the script tag be used anywhere during loading, or was that for just for illustrative purposes?

If I understand the flow you are suggesting, you wouldn't be able to load tiddlers on the fly. But you could activate a checklist that would then be used during the next reload to bring in the tiddlers ??

I feel like the security model is very odd. They don't want you to load data, but loading actual code is OK?

Thanks!
Mark

Jeremy Ruston

unread,
Nov 15, 2018, 4:37:58 PM11/15/18
to tiddl...@googlegroups.com
Hi Mark

Can the script tag be used anywhere during loading, or was that for just for illustrative purposes?

I was  just intending to show the structure of the script tag that is needed, but as it happens one could include such a script tag directly in a $:/tags/RawMarkup tiddler. 

If I understand the flow you are suggesting, you wouldn't be able to load tiddlers on the fly. But you could activate a checklist that would then be used during the next reload to bring in the tiddlers ??

No, you could load them on the fly: clicking a button would trigger the tm-load-jsonp message, which would then load the tiddlers dynamically.

I feel like the security model is very odd. They don't want you to load data, but loading actual code is OK?

Browsers have, until recently, been relatively laissez fair about continuing with the features that web developers need for testing simple web pages locally via a file:// URI. Just recently, though, new features (like service workers) are restricted in such a way that a local web server is required for development.

(By the way, the reason why loading code is safer than data in this context is because JSONP can only be used to read files that (a) one knows the URL and (b) the file contains valid JavaScript that returns a result in a very specific way. Note that the invoking JavaScript code never sees the literal content of file that is loaded, it just sees the results of executing it. So it’s pretty much impossible to use this technique to exfiltrate personal data, whereas a generic capability to read data files where one knows the path would be absolutely devastating).

Best wishes

Jerwemy.

Jan

unread,
Nov 16, 2018, 8:58:13 AM11/16/18
to tiddl...@googlegroups.com
Hi Jeremy,
thanks for this idea!
I would love to have this mechanism - and a jsonp-tiddler creator, because this is what I would need for a php-upload-mechanism.
As I guess, <script src="./tiddlers/first-bundle.jsonp"></script> would apply to one special file with a known title, would it be possible to get a list of all files in a directory and choose which one to download?

best wishes,
Jan

Jeremy Ruston

unread,
Nov 16, 2018, 9:07:49 AM11/16/18
to tiddl...@googlegroups.com
Hi Jan,

No, sadly, the technique requires you to know the pathname of the file in advance.

Best wishes

Jan

unread,
Nov 16, 2018, 9:33:55 AM11/16/18
to tiddl...@googlegroups.com
Hi Jeremy
So it is nothing for the comments but a great upgrade-trigger.

At least we could get a list of the postings into an iframe via php, then it could be possible to drag the links into an edit-field and trigger it with a button.

Yours Jan

Jan

unread,
Dec 3, 2018, 5:25:41 PM12/3/18
to tiddl...@googlegroups.com
Hi Jeremy,
I made a test on this, as I understood your instruction http://szenio.de/UpAndDown/
I put the scripttag into a tiddler open in the storyrivver.
I fear my understanding is a little to easy... what exactly does insert the script tag into the DOM mean.

Jan

Jan

unread,
Jul 9, 2019, 9:36:45 AM7/9/19
to tiddl...@googlegroups.com
Hi everybody,
I still have not found out, how this is done.
Can anyone explain the mechanism a little more detailed?
Is there a proof of  concept somewhere?


Jan

Am 15.11.2018 um 22:37 schrieb Jeremy Ruston:
Reply all
Reply to author
Forward
0 new messages