18 Apr
2016
18 Apr
'16
5:14 p.m.
Hi Andrew,
On 15 Apr 2016, at 22:56, Andrew Kuang
<afkuang(a)gmail.com> wrote:
Hi,
I wanted to assess how difficult it might be to disable all javascript
execution in HTML macros on XWiki. My main concern would be to avoid
breaking any important XWiki pages that utilize javascript within the HTML
macro (as referenced here:
http://lists.xwiki.org/pipermail/users/2009-June/012226.html). Is there any
XWiki functionality that is still dependent on executing javascript via
{{html}}?
I also noticed in the comments on this JIRA issue
(https://jira.xwiki.org/browse/XRENDERING-27?jql=text%20~%20%22html%20macro%…),
Vincent Massol mentioned that wiki macros 2.0 will be designed in such a way
that we can override the HTML macro and filter out javascript usages. I was
wondering if this was still the best solution to disabling future javscript
usage within {{html}}. Thank you!
While googling I’ve found this solution
http://kudzia.eu/b/2014/11/xwiki-html-macro-tag-and-unwanted-javascript/
Would that work for you?
I remember that Thomas Delafosse worked on some code to filter out javascript and other
tags from the HTML Macro but I don’t remember the status. I’ve just found this email
thread: http://lists.xwiki.org/pipermail/devs/2013-June/054519.html
Thanks
-Vincent
View this message in context:
http://xwiki.475771.n2.nabble.com/Disabling-javascript-in-HTML-macro-tp7599…