Beefy Boxes and Bandwidth Generously Provided by pair Networks
P is for Practical
 
PerlMonks  

Let users link in a javascript library

by jdporter (Paladin)
on Apr 14, 2008 at 16:05 UTC ( [id://680323]=monkdiscuss: print w/replies, xml ) Need Help??

Currently, users can have PerlMonks automatically include a link to an arbitrary CSS source in each page. (Go to Display Settings and look under Stylesheet Settings.) I think it would be nice to be able similarly to link in a javascript source, such as jQuery, script.aculo.us, or other AJAX library.

It is possible to use the Free Nodelet to bring such a link into each of your pages; but there are two downsides to this approach: 1, some users might not otherwise have a need or desire to enable their Free Nodelet; and B, the Free Nodelet is not available for some pages, such as the four frames in the Full-Page Chat.

The patches to implement this have been drafted:

  • htmlhead - (patch)
  • Display Settings - (patch)

A word spoken in Mind will reach its own level, in the objective world, by its own weight

Replies are listed 'Best First'.
Re: Let users link in a javascript library (XSS)
by tye (Sage) on Apr 14, 2008 at 16:37 UTC

    It would be good to properly filter javascript from homenodes before rampantly encouraging use of javascript at PerlMonks. Since the current state of homenodes makes for a nearly perfect example of how to enable cross-site scripting attacks, I think that removing that problem really needs to come first.

    - tye        

Re: Let users link in a javascript library
by ysth (Canon) on Apr 14, 2008 at 22:04 UTC
    To add to what tye says, I'd like html filtering to be mandatory (or at the very very least, the default, retroactively set for all current monks).

    AIUI, the homenode thing basically means deciding which additional elements and attributes we want to allow on homenodes (plus a SMOP to implement it).

      In response to private messages, yes, either of these changes would need to be well advertised. But there's no point in doing so until someone steps forward to do the work. And until someone does, we really oughtn't advocate that people allow perlmonks to execute javascript.

        For the sake of clarity, my proposal to properly filter javascript requires filtering HTML as well. So, yes, if you want to see what is going to happen, go to User Settings and turn on "Filter HTML of monks' homenodes".

        My impression is that the allowed tags are already pretty much where they can and should be.

        As a first step, we should turn on this setting for AnonyMonk (not as easy at one might guess, since I've tried before and failed). Another attempt is now on the top of my to-do list.

        - tye        

        A reply falls below the community's threshold of quality. You may see it by logging in.
Re: Let users link in a javascript library
by Argel (Prior) on Apr 14, 2008 at 19:46 UTC
    Slightly off-topic -- has any thought been given to hosting jQuery (and some of the others) so we would not have to go off-site to pull in the code?

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: monkdiscuss [id://680323]
Approved by Corion
Front-paged by Corion
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others examining the Monastery: (4)
As of 2024-03-29 09:19 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found