1
0
mirror of https://github.com/Jermolene/TiddlyWiki5 synced 2024-11-14 22:04:51 +00:00
Commit Graph

5 Commits

Author SHA1 Message Date
Jermolene
ba6edd42c1 Explicitly blacklist unsafe elements, starting with <script>
Are there are any other elements that might be considered unsafe?
2014-03-19 10:05:44 +00:00
Jermolene
d0caf21b2d Exclude attributes starting "on" on HTML elements
Because:

* It doesn't work well with TW5's refresh mechanism, which relies on
being able to regenerate any portion of the DOM as required; this
frequently causes inline handlers to be re-executed at unexpected times
(see
http://tiddlywiki.com/static/TiddlyWiki%2520for%2520Developers.html)
* It mixes TW5 version-specific JavaScript with user content
* In multiuser environments there is a security risk to importing or
viewing tiddlers you didn't author if they can have JavaScript in them
2014-03-12 16:39:18 +00:00
Jermolene
6f1c9d88cc Improve the Widget.prototype.removeChildDomNodes() method so that most subclasses won't need to override it 2013-11-09 16:55:14 +00:00
Jeremy Ruston
b7cb1d3391 Change new_widget to widget
I was avoiding doing this until after the merge.
2013-11-08 08:47:00 +00:00
Jeremy Ruston
3e3a5917b7 Move the widgets back to the right folder 2013-11-08 08:38:44 +00:00