18 Apr
2016
18 Apr
'16
10:25 a.m.
The HTML macro doesn't execute JavaScript code. It outputs HTML code that
ends up being interpreted by the browser. So in order to prevent the
execution of the JavaScript code that might be embedded in the HTML code
generated by the HTML macro, the options are:
(1) prevent the usage of the HTML macro (I don't know if it's possible
right now, but it would be nice to be able to add a wiki macro, HTML in
this case, to the list of wiki macros that require Script right in order to
be executed)
(2) add support for "cleaning" the JavaScript code from the output produced
by the HTML macro (enabled with a parameter)
(3) modify the HTML macro to require Script right when JavaScript code is
detected
Unfortunately none is implemented yet, afaik.
On Fri, Apr 15, 2016 at 11:56 PM, Andrew Kuang <afkuang(a)gmail.com> wrote:
Hi,
I wanted to assess how difficult it might be to disable all javascript
execution in HTML macros on XWiki. My main concern would be to avoid
breaking any important XWiki pages that utilize javascript within the HTML
macro (as referenced here:
http://lists.xwiki.org/pipermail/users/2009-June/012226.html). Is there
any
XWiki functionality that is still dependent on executing javascript via
{{html}}?
I also noticed in the comments on this JIRA issue
(
https://jira.xwiki.org/browse/XRENDERING-27?jql=text%20~%20%22html%20macro%…
),
Vincent Massol mentioned that wiki macros 2.0 will be designed in such a
way
that we can override the HTML macro and filter out javascript usages. I was
wondering if this was still the best solution to disabling future javscript
usage within {{html}}. Thank you!
--
View this message in context:
http://xwiki.475771.n2.nabble.com/Disabling-javascript-in-HTML-macro-tp7599…
Sent from the XWiki- Users mailing list archive at Nabble.com.
_______________________________________________
users mailing list
users(a)xwiki.org
http://lists.xwiki.org/mailman/listinfo/users