[pmwiki-users] Idea for javascript in links
Patrick R. Michaud
pmichaud at pobox.com
Mon Dec 5 09:34:11 CST 2005
On Sun, Dec 04, 2005 at 02:14:43PM -0500, Henrik Bechmann wrote:
> I've been dancing around this fairly successfully so far, but I thought
> I'd float an idea for allowing javascript in links like:
>
> <a href="javascript:gotocalculatedsite('criteria')"
> onmouseover="respondtorollover('somearg')">Test active link</a>
>
> Namely in PmWiki markup it would look like
>
> [[@gotocalculatedsite('criteria')
> onmouseover=respondtorollover('somearg') | Test active link]]
>
> The @is inspired by spreadsheet "at" formula syntax.
>
> For security the administer would have to register allowed javascript
> functions in a config file:
>
> $AllowedJavascriptFunctions[]='gotocalculatedsite';
> $AllowedJavascriptFunctions[]='respondtorollover';
The security would have to be a bit more involved than simply
checking a list of allowed javascript functions -- we'd have to
be sure to prevent things like:
[[onmouseover=respondtorollover(location.href='http://www.example.com') | Test active link]]
In general I think it's safer to just create specialized markup
for any javascripting that needs to take place in a page.
Pm
More information about the pmwiki-users
mailing list