Java Script Enabled Wiki

Please list and comment JavaScriptEnabledWikis here:

Not sure if this is exactly what is meant, but TWiki ( plugins, etc., often make use of JavaScript.

-- AndyGlew

Moved from WhyDoesntWikiDoHtml

Q. Why not have it both ways? Let me input my text using either Wiki syntax or HTML syntax and just convert on the server side. When it's time for someone to edit it, just convert to whichever format they prefer. You could have a button/checkbox/whatever on the edit page to select which mode you want to see it in.

A. DoTheSimplestThingThatCouldPossiblyWork. WardsWiki has WabiSabi.

PyWiki does this, though I'm not sure if that's by design or just an artifact of the implementation. Regardless, it turned out to be really handy. I particularly liked being able to throw <Hn> tags in. -- CurtisBartley

You do need to be careful of this, though, because you're allowing anybody to embed a potentially harmful HTML block into your system. Malicious users could use the opportunity to embed a nasty ActiveX control on the page (when rendered) that viewers of the page think is coming from you. -- TedNeward

Indeed so, but doesn't WhyWikiWorks apply here too? -- PiersCawley

It's the difference between having a wiki that miscreants can harm, and having a wiki that miscreants can use to harm you.

It's quite easy to support a restricted subset of HTML, while at the same time screening out attempts to embed JavaScript. -- DaveSmith

Yes, but how do you test the code?

Uhm, if I recall, don't all the scripting dialects have one thing in common? They are always enclosed in comment blocks - yes? So, I'm a little confused about "test the code" - test which code? You wouldn't "test" the script, you would simply ignore the whole block. Have I missed the point?

Actually, not all scripts are in comment blocks. It isn't required, and is only done to keep pitiful old browsers from making a mess of themselves or your page. More and more people aren't commenting out script blocks because it's unnecessary. The code they were referring to test was the JavaScript filtering code, which would be dangerous to test, if you were going to try to expose yourself to dangerous JavaScript code. Trying your hardest to get the code "alert('you lose!');" to work would be a safer way to test it. -- Jason Boyer

It's dead easy to strip harmful code from an html document. You merely allow x, y and z tags and strip any attributes of those tags. -- Ben Nolan
See also WikiWithProgrammableContent

View edit of June 22, 2009 or FindPage with title or text search