[dokuwiki] Re: Extending the parser
- From: Matthias Grimm <matthiasgrimm@xxxxxxxxxxxxxxxxxxxxx>
- To: dokuwiki@xxxxxxxxxxxxx
- Date: Tue, 17 May 2005 20:21:17 +0200
On Fri, 13 May 2005 23:16:16 +0200
Matthias Grimm <matthiasgrimm@xxxxxxxxxxxxxxxxxxxxx> wrote:
> On Fri, 13 May 2005 21:49:30 +0200
> Andreas Gohr <andi@xxxxxxxxxxxxxx> wrote:
>
> > Hi!
> >
> > > 1. calling javascript routines from links like
> > > <a href="javascript:something">blafasel</a>
> >
> > Well not a good idea to allow users to add javascript I think (XSS
> > problems) - but see FS#227 for a possible solution
This solutions works. I was able to limit the javascript access to only
a few functions so that the security risk through user's unlimited
access to javascript become a minimum.
> > > 2. redirect a link into a new browser window.
> > > add a target="_blank" to a link
> >
> > Hmm isn't $conf['target'] enough?
Yes, it is enough ... for now ;-) I checked the feature and I got
erverything work I wanted to get work. At the end I was able to disable
embedded HTML again. Thanks for your help.
Best Regards
Matthias
--
DokuWiki mailing list - more info at
http://wiki.splitbrain.org/wiki:mailinglist
Other related posts:
