Details
-
Bug
-
Status: Open
-
Minor
-
Resolution: Unresolved
-
2.11.0-M6
-
None
-
None
Description
If "jspwiki.translatorReader.allowHTML = true", JavaScript can be inserted into a page and executed like this:
[
{If page='SandBox' exists='true' <script language="javascript">document.writeln("<b>User Agent: </b>" + navigator.userAgent);</script>}]
However, if preview is turned on during editing, executing the JavaScript interferes with the editor, replacing the editor page with the output of the code execution. I'm not sure whether it's possible to fix this while still trying to execute JavaScript. If not, disabling JavaScript during preview seems fine.
https://jspwiki-wiki.apache.org/Wiki.jsp?page=TESTEST also shows this.