The HTML macro doesn't execute JavaScript code. It outputs HTML code that ends up being interpreted by the browser. So in order to prevent the execution of the JavaScript code that might be embedded in the HTML code generated by the HTML macro, the options are:
(1) prevent the usage of the HTML macro (I don't know if it's possible right now, but it would be nice to be able to add a wiki macro, HTML in this case, to the list of wiki macros that require Script right in order to be executed) (2) add support for "cleaning" the JavaScript code from the output produced by the HTML macro (enabled with a parameter) (3) modify the HTML macro to require Script right when JavaScript code is detected Unfortunately none is implemented yet, afaik. On Fri, Apr 15, 2016 at 11:56 PM, Andrew Kuang <afku...@gmail.com> wrote: > Hi, > > I wanted to assess how difficult it might be to disable all javascript > execution in HTML macros on XWiki. My main concern would be to avoid > breaking any important XWiki pages that utilize javascript within the HTML > macro (as referenced here: > http://lists.xwiki.org/pipermail/users/2009-June/012226.html). Is there > any > XWiki functionality that is still dependent on executing javascript via > {{html}}? > > I also noticed in the comments on this JIRA issue > ( > https://jira.xwiki.org/browse/XRENDERING-27?jql=text%20~%20%22html%20macro%20script%22 > ), > Vincent Massol mentioned that wiki macros 2.0 will be designed in such a > way > that we can override the HTML macro and filter out javascript usages. I was > wondering if this was still the best solution to disabling future javscript > usage within {{html}}. Thank you! > > > > -- > View this message in context: > http://xwiki.475771.n2.nabble.com/Disabling-javascript-in-HTML-macro-tp7599019.html > Sent from the XWiki- Users mailing list archive at Nabble.com. > _______________________________________________ > users mailing list > users@xwiki.org > http://lists.xwiki.org/mailman/listinfo/users > _______________________________________________ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users
