Uploaded image for project: 'JSPWiki'
  1. JSPWiki
  2. JSPWIKI-1130

Preview doesn't handle embedded JavaScript correctly

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Open
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: 2.11.0-M6
    • Fix Version/s: None
    • Component/s: Editors
    • Labels:
      None

      Description

      If "jspwiki.translatorReader.allowHTML = true", JavaScript can be inserted into a page and executed like this:

      [

      {If page='SandBox' exists='true' <script language="javascript">document.writeln("<b>User Agent: </b>" + navigator.userAgent);</script>}

      ]

      However, if preview is turned on during editing, executing the JavaScript interferes with the editor, replacing the editor page with the output of the code execution. I'm not sure whether it's possible to fix this while still trying to execute JavaScript. If not, disabling JavaScript during preview seems fine.

      https://jspwiki-wiki.apache.org/Wiki.jsp?page=TESTEST also shows this.

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              udittmer Ulf Dittmer
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated: