mirror of https://github.com/Jermolene/TiddlyWiki5 synced 2025-01-11 18:00:26 +00:00

Genesis widget rewording

jeremy@jermolene.com 2023-01-17 16:56:25 +00:00
parent db88eed88f
commit 4546828541
2 changed files with 2 additions and 3 deletions


@ -43,7 +43,6 @@ src="""\define my-banner(mode:"inline",caption)
! Important
<$macrocall $name=".warning" _="""
In the following example the widget attribute named `one` is absent from the HTML output, since HTML attributes with the prefix `on` are removed for security reasons. See [[HTML in WikiText]] "Security" for more details.
In the following example the widget attribute named `one` is not present in the HTML output. This is because HTML attributes starting with the prefix `on` are removed for security reasons. See [[HTML in WikiText]] "Security" for more details. This restriction only affects generated HTML elements, and does not prevent the use of attributes prefixed `on` with other widgets"""/>
<<wikitext-example '<$genesis $type="my-element" $names="one two" $values="1 2">Test Genesis Widget</$genesis>'>>
"""/>
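Review bot: The last sentence of the longer warning text ("This restriction only affects generated HTML elements, and does not prevent the use of attributes prefixed `on` with other widgets") runs straight into the closing `"""/>` with no full stop, unlike the sentences before it; add the period. Since that sentence is the one that scopes the restriction, it is also worth saying that the attribute is dropped silently: the example passes `$names="one two"`, so a reader who skips the note sees `one` missing from the output with nothing to explain why.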


@ -33,7 +33,7 @@ some text <!-- inline comment -->
!! Security
<<.warning """Every HTML attribute prefixed with `on` is removed from rendered HTML content for security reasons. eg: `onclick="some evil code"` would be executed, if no sanitation is active. In ~TiddlyWiki It's important to remove every attribute prefixed with `on` so future extensions to the HTML spec will be secure by default. This can lead to some inconvenience since custom attributes like eg: `one` are removed too. """>>
<<.warning """Note that any HTML attributes prefixed with `on` are removed from the rendered HTML content. This is done to prevent event handlers (such as "onclick") being used as a clandestine way to execute untrusted JavaScript. A design goal of TiddlyWiki is to ensure that executable JavaScript can only enter the system through explicit JavaScript module tiddlers or raw markup tiddlers. This makes it possible to filter unsafe content in multiuser environments, and also makes it safer to copy untrusted wikitext examples.""">>
!! Widgets
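Review bot: The reworded warning beginning "Note that any HTML attributes prefixed with `on` are removed" no longer says that the match is on the `on` prefix itself, so that custom attributes such as `one` are removed too, nor why (future additions to the HTML spec stay covered by default). The Genesis widget documentation sends readers to this "Security" section for exactly that detail, so keep one sentence stating that the filter is prefix-based and therefore also strips non-event attributes like `one`. Minor style point: "onclick" is in plain quotes here while `on` is in backticks; use backticks for both.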