On Jan 29, 2010, at 3:04 PM, Marius Dumitru Florea wrote:
Hi devs,
Right now JavaScript extensions are included when a document is rendered in WYSIWYG edit mode. This has both advantages and disadvantages.
Pro: If the output of a macro depends on a JavaScript extension, then the result of rendering that macro will be the same in view mode and (WYSIWYG) edit mode.
Con: If the JavaScript extension is not aware of the edit mode then it can modify the DOM document outside of the read-only macro markers which leads to unwanted changes in the content of the edited document (i.e. the modifications done by the JavaScript extension are saved). Such an example is http://jira.xwiki.org/jira/browse/XWIKI-4665 .
Before deciding isn't there a possibility to protect the DOM? Is there no way to do that? We're going to do something a little similar for the rendering is there's invalid HTML entered: http://jira.xwiki.org/jira/browse/XWIKI-3782 Thanks -Vincent
WDYT? Should we limit the WYSIWYG in order to make the editing safer?
I'm +0.
Thanks, Marius