2009-01-09 23:29 | 
yuri
"Yuri Takhteyev" < <yuri at sims.berkeley.edu>
(The question was asked off the list but I am replying to the list since this might be of interest to others.) > Is there a way to allow some specific scripts to run in Sputnik ? > I would like to include something like: > > <script language="JavaScript" > src="http://www.gvisit.com/record.php?sid=..." > type="text/javascript"></script> Yes, though in the current version you would need to dive into code for this, since I looks like I forgot to add a config parameter for this. Go to ~/sputnik/rocks/sputnik/8.08.13-0/lua/sputnik/markup/markdown.lua and add the following line after 'filter.allowed_tags.a.css_class = "."': filter.allowed_tags.script = { src="^http://www%.gvisit%.com/", language="JavaScript", ["type"]="text%/javascript" } This will allow "script" tag, but will include its attributes only if they match the specified patterns. In particular, it will only include the src attribute if it matches the pattern "^http://www%.gvisit%.com/". You can specify multiple patterns my setting the value of the attribute to a table rather than a string: filter.allowed_tags.script = { src={"^http://example%.com", "^http://www%.gvisit%.com/"}, language="JavaScript", ["type"]="text%/javascript" } I think I will add a node field for this in Fenchurch, but it will use the same format. That is, you would login as root and go edit the "xssfilter_allowed_tags" field, adding something like this to it: script = { src={"^http://example%.com", "^http://www%.gvisit%.com/"}, } This would make it possible to allow/disallow tags for all nodes, all nodes of a particular type, or only specific nodes. - yuri -- http://sputnik.freewisdom.org/ _______________________________________________ Sputnik-list mailing list Sputnik-list@lists.luaforge.net http://lists.luaforge.net/cgi-bin/mailman/listinfo/sputnik-list
2009-01-30 08:55 | yuri
"Yuri Takhteyev" < <yuri at sims.berkeley.edu>
> It also should be noted that you can import javascript or include > snippets via the sputnik API as well when you are working on your own > custom actions. The pertinent functions: > > node:add_javascript_link(href) > node:add_javascript_snippet(snippet) Jim is right about this and it's a better way to add javascript in most cases. The advantage of this method is that the javascript would go into the head of the document, where it really belongs - in most cases. In this particular case, though, I think the script in question needs to be in the body, because it inserts the widget at the place where the script is entered. - yuri -- http://sputnik.freewisdom.org/ _______________________________________________ Sputnik-list mailing list Sputnik-list@lists.luaforge.net http://lists.luaforge.net/cgi-bin/mailman/listinfo/sputnik-list
2009-01-30 08:55 | 
dadosutter
"Dado Sutter" < <dadosutter at gmail.com>
--===============1564720177== Content-Type: multipart/alternative; boundary="----=_Part_150804_5325776.1231340642192" ------=_Part_150804_5325776.1231340642192 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline Thank you very much Yuri ! :) Best Dado On Tue, Jan 6, 2009 at 11:16, Yuri Takhteyev <yuri@sims.berkeley.edu> wrote: > (The question was asked off the list but I am replying to the list > since this might be of interest to others.) > > > Is there a way to allow some specific scripts to run in Sputnik ? > > I would like to include something like: > > > > <script language="JavaScript" > > src="http://www.gvisit.com/record.php?sid=..." > > type="text/javascript"></script> > > Yes, though in the current version you would need to dive into code > for this, since I looks like I forgot to add a config parameter for > this. > > Go to ~/sputnik/rocks/sputnik/8.08.13-0/lua/sputnik/markup/markdown.lua > and add the following line after 'filter.allowed_tags.a.css_class = > "."': > > filter.allowed_tags.script = { > src="^http://www%.gvisit%.com/", > language="JavaScript", > ["type"]="text%/javascript" > } > > This will allow "script" tag, but will include its attributes only if > they match the specified patterns. In particular, it will only include > the src attribute if it matches the pattern > "^http://www%.gvisit%.com/". > You can specify multiple patterns my setting the value of the > attribute to a table rather than a string: > > filter.allowed_tags.script = { > src={"^http://example%.com", "^http://www%.gvisit%.com/"}, > language="JavaScript", > ["type"]="text%/javascript" > } > > I think I will add a node field for this in Fenchurch, but it will use > the same format. That is, you would login as root and go edit the > "xssfilter_allowed_tags" field, adding something like this to it: > > script = { > src={"^http://example%.com", "^http://www%.gvisit%.com/"}, > } > > This would make it possible to allow/disallow tags for all nodes, all > nodes of a particular type, or only specific nodes. > > - yuri > > -- > http://sputnik.freewisdom.org/ > > _______________________________________________ > Sputnik-list mailing list > Sputnik-list@lists.luaforge.net > http://lists.luaforge.net/cgi-bin/mailman/listinfo/sputnik-list > ------=_Part_150804_5325776.1231340642192 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline Thank you very much Yuri ! :)<br><br>Best<br>Dado<br><br><br><div class="gmail_quote">On Tue, Jan 6, 2009 at 11:16, Yuri Takhteyev <span dir="ltr"><<a href="mailto:yuri@sims.berkeley.edu">yuri@sims.berkeley.edu</a>></span> wrote:<br> <blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">(The question was asked off the list but I am replying to the list<br> since this might be of interest to others.)<br> <div class="Ih2E3d"><br> > Is there a way to allow some specific scripts to run in Sputnik ?<br> > I would like to include something like:<br> ><br> > <script language="JavaScript"<br> </div>> src="<a href="http://www.gvisit.com/record.php?sid=.." target="_blank">http://www.gvisit.com/record.php?sid=..</a>."<br> > type="text/javascript"></script><br> <br> Yes, though in the current version you would need to dive into code<br> for this, since I looks like I forgot to add a config parameter for<br> this.<br> <br> Go to ~/sputnik/rocks/sputnik/8.08.13-0/lua/sputnik/markup/markdown.lua<br> and add the following line after 'filter.allowed_tags.a.css_class =<br> "."':<br> <br> filter.allowed_tags.script = {<br> src="^<a href="http://www" target="_blank">http://www</a>%.gvisit%.com/",<br> language="JavaScript",<br> ["type"]="text%/javascript"<br> }<br> <br> This will allow "script" tag, but will include its attributes only if<br> they match the specified patterns. In particular, it will only include<br> the src attribute if it matches the pattern<br> "^<a href="http://www" target="_blank">http://www</a>%.gvisit%.com/".<br> You can specify multiple patterns my setting the value of the<br> attribute to a table rather than a string:<br> <br> filter.allowed_tags.script = {<br> src={"^<a href="http://example" target="_blank">http://example</a>%.com", "^<a href="http://www" target="_blank">http://www</a>%.gvisit%.com/"},<br> language="JavaScript",<br> ["type"]="text%/javascript"<br> }<br> <br> I think I will add a node field for this in Fenchurch, but it will use<br> the same format. That is, you would login as root and go edit the<br> "xssfilter_allowed_tags" field, adding something like this to it:<br> <br> script = {<br> src={"^<a href="http://example" target="_blank">http://example</a>%.com", "^<a href="http://www" target="_blank">http://www</a>%.gvisit%.com/"},<br> }<br> <br> This would make it possible to allow/disallow tags for all nodes, all<br> nodes of a particular type, or only specific nodes.<br> <br> - yuri<br> <font color="#888888"><br> --<br> <a href="http://sputnik.freewisdom.org/" target="_blank">http://sputnik.freewisdom.org/</a><br> <br> _______________________________________________<br> Sputnik-list mailing list<br> <a href="mailto:Sputnik-list@lists.luaforge.net">Sputnik-list@lists.luaforge.net</a><br> <a href="http://lists.luaforge.net/cgi-bin/mailman/listinfo/sputnik-list" target="_blank">http://lists.luaforge.net/cgi-bin/mailman/listinfo/sputnik-list</a><br> </font></blockquote></div><br> ------=_Part_150804_5325776.1231340642192-- --===============1564720177== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ Sputnik-list mailing list Sputnik-list@lists.luaforge.net http://lists.luaforge.net/cgi-bin/mailman/listinfo/sputnik-list --===============1564720177==--
2009-01-30 08:55 | 
jnwhiteh
"Jim Whitehead II" < <jnwhiteh at gmail.com>
On Tue, Jan 6, 2009 at 1:16 PM, Yuri Takhteyev <yuri@sims.berkeley.edu> wrote: > (The question was asked off the list but I am replying to the list > since this might be of interest to others.) > >> Is there a way to allow some specific scripts to run in Sputnik ? >> I would like to include something like: >> >> <script language="JavaScript" >> src="http://www.gvisit.com/record.php?sid=..." >> type="text/javascript"></script> > > Yes, though in the current version you would need to dive into code > for this, since I looks like I forgot to add a config parameter for > this. > > Go to ~/sputnik/rocks/sputnik/8.08.13-0/lua/sputnik/markup/markdown.lua > and add the following line after 'filter.allowed_tags.a.css_class = > "."': > > filter.allowed_tags.script = { > src="^http://www%.gvisit%.com/", > language="JavaScript", > ["type"]="text%/javascript" > } > > This will allow "script" tag, but will include its attributes only if > they match the specified patterns. In particular, it will only include > the src attribute if it matches the pattern > "^http://www%.gvisit%.com/". > You can specify multiple patterns my setting the value of the > attribute to a table rather than a string: > > filter.allowed_tags.script = { > src={"^http://example%.com", "^http://www%.gvisit%.com/"}, > language="JavaScript", > ["type"]="text%/javascript" > } > > I think I will add a node field for this in Fenchurch, but it will use > the same format. That is, you would login as root and go edit the > "xssfilter_allowed_tags" field, adding something like this to it: > > script = { > src={"^http://example%.com", "^http://www%.gvisit%.com/"}, > } > > This would make it possible to allow/disallow tags for all nodes, all > nodes of a particular type, or only specific nodes. It also should be noted that you can import javascript or include snippets via the sputnik API as well when you are working on your own custom actions. The pertinent functions: node:add_javascript_link(href) node:add_javascript_snippet(snippet) This allows you to add code inline, or to simply pull in a script from a remote source. - Jim _______________________________________________ Sputnik-list mailing list Sputnik-list@lists.luaforge.net http://lists.luaforge.net/cgi-bin/mailman/listinfo/sputnik-list
2009-01-30 08:55 | dadosutter
"Dado Sutter" < <dadosutter at gmail.com>
--===============0644981735== Content-Type: multipart/alternative; boundary="----=_Part_12103_17620180.1232377008642" ------=_Part_12103_17620180.1232377008642 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline Thank you guys ! Best Dado On Wed, Jan 7, 2009 at 17:57, Yuri Takhteyev <yuri@sims.berkeley.edu> wrote: > > It also should be noted that you can import javascript or include > > snippets via the sputnik API as well when you are working on your own > > custom actions. The pertinent functions: > > > > node:add_javascript_link(href) > > node:add_javascript_snippet(snippet) > > Jim is right about this and it's a better way to add javascript in > most cases. The advantage of this method is that the javascript would > go into the head of the document, where it really belongs - in most > cases. In this particular case, though, I think the script in question > needs to be in the body, because it inserts the widget at the place > where the script is entered. > > - yuri > > -- > http://sputnik.freewisdom.org/ > > _______________________________________________ > Sputnik-list mailing list > Sputnik-list@lists.luaforge.net > http://lists.luaforge.net/cgi-bin/mailman/listinfo/sputnik-list > ------=_Part_12103_17620180.1232377008642 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline Thank you guys !<br><br>Best<br>Dado<br><br><br><div class="gmail_quote">On Wed, Jan 7, 2009 at 17:57, Yuri Takhteyev <span dir="ltr"><<a href="mailto:yuri@sims.berkeley.edu">yuri@sims.berkeley.edu</a>></span> wrote:<br> <blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><div class="Ih2E3d">> It also should be noted that you can import javascript or include<br> > snippets via the sputnik API as well when you are working on your own<br> > custom actions. The pertinent functions:<br> ><br> > node:add_javascript_link(href)<br> > node:add_javascript_snippet(snippet)<br> <br> </div>Jim is right about this and it's a better way to add javascript in<br> most cases. The advantage of this method is that the javascript would<br> go into the head of the document, where it really belongs - in most<br> cases. In this particular case, though, I think the script in question<br> needs to be in the body, because it inserts the widget at the place<br> where the script is entered.<br> <div class="Ih2E3d"><br> - yuri<br> <br> --<br> <a href="http://sputnik.freewisdom.org/" target="_blank">http://sputnik.freewisdom.org/</a><br> <br> _______________________________________________<br> </div><div><div></div><div class="Wj3C7c">Sputnik-list mailing list<br> <a href="mailto:Sputnik-list@lists.luaforge.net">Sputnik-list@lists.luaforge.net</a><br> <a href="http://lists.luaforge.net/cgi-bin/mailman/listinfo/sputnik-list" target="_blank">http://lists.luaforge.net/cgi-bin/mailman/listinfo/sputnik-list</a><br> </div></div></blockquote></div><br> ------=_Part_12103_17620180.1232377008642-- --===============0644981735== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ Sputnik-list mailing list Sputnik-list@lists.luaforge.net http://lists.luaforge.net/cgi-bin/mailman/listinfo/sputnik-list --===============0644981735==--