[pmwiki-users] Form Input missing 4 types !!!!
Patrick R. Michaud
pmichaud at pobox.com
Mon Aug 28 11:34:59 CDT 2006
On Mon, Aug 28, 2006 at 11:26:56AM -0500, Ben Stallings wrote:
> PM replied to JB:
> >> To fix this security risk PMWiki could make it so the above
> >> various input control event attributes are restricted to:
> >>
> >> 1) calling a function only from the current url directory ()
> >>
> > As far as I know, it's not possible to restrict JavaScript functions
> > based on their source.
> >
> No, but it is possible to make the wiki insert a specific JavaScript
> function that is called by a different name in the wiki markup.
Yes, of course. This is what PmWiki does for a lot of things,
such as the GUI buttons in the edit form.
> So it seems to me that if JB really wants an (:input button:) markup,
> s/he should write a recipe that translates keywords into specific
> functions that have been approved by the wiki owner...
This has been my point all along...that stuff like this belongs
in recipes and that not everything belongs in the core.
Fortunately, PmWiki provides enough flexibility to make this
possible.
Pm
More information about the pmwiki-users
mailing list