On Mon, Jul 2, 2012 at 8:02 AM, Daniel Barrett danb@vistaprint.com wrote:
> Because the output may contain JavaScript and it's converting "if (a&&b)" to "if (a&amp;&amp;b)".
> The extension is a tag "<javascript>" that adds arbitrary javascript, supplied by the user, to the wiki page. Security is not an issue because this is a completely internal wiki.
> Is there a better way to implement a <javascript> parser tag extension so the HTML-conversion issue doesn't happen?
This may be a bit of an uphill battle for you, since typically people do *not* want to allow javascript to be able to be inserted! I'm not entirely sure how many patches you would need to make to get javascript in a page to be rendered, but I think you've only hit the first of at least a few.
One slightly easier way that you may be able to get this working would be to write the javascript in a separate page, and then inside your parser extension, have it write out: <script>importScript('title_of_script_page');</script>. That will cut down on the number of characters you need to get unchanged onto the page.
That being said, I would say there is almost never a case when security is not an issue. By doing this, you are pretty much allowing every user to become an admin with some simple privilege escalation javascript... so you may want to instead make them all admins and let them edit Common.js as needed.
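The loader output suggested in the reply above, as an added example that is not part of the original thread or of MediaWiki's code: it builds the `<script>importScript(...)</script>` string so that the only user-supplied value, the page title, cannot leave the string literal or the script element and contains no character that HTML escaping would rewrite. The function names, the title policy and the sample titles are assumptions made for this sketch.

```javascript
// Added example, not MediaWiki code. Names and the title policy are assumptions.

// Conservative title policy (assumption): starts with a letter or digit,
// uses only letters, digits, space and _ . / : -, and ends in ".js".
const TITLE_RE = /^[A-Za-z0-9][A-Za-z0-9 _.\/:-]{0,200}\.js$/;

// Encode a value as a JavaScript string literal that is safe inside an
// inline <script> element. JSON.stringify handles quotes, backslashes and
// control characters; the replace step turns < > & ' and the U+2028/U+2029
// line separators into \uXXXX escapes, so the literal contains nothing an
// HTML-escaping pass would touch (the "&&" to "&amp;&amp;" problem in the thread).
function jsStringLiteral(s) {
  return JSON.stringify(s).replace(/[<>&'\u2028\u2029]/g, (c) =>
    '\\u' + c.charCodeAt(0).toString(16).padStart(4, '0'));
}

// Return the loader markup for an accepted title, or null when the title
// does not match the policy. Rejecting first and escaping second means a
// later loosening of TITLE_RE still cannot produce a script breakout.
function buildImportScriptTag(title) {
  if (typeof title !== 'string' || !TITLE_RE.test(title)) {
    return null;
  }
  return '<script>importScript(' + jsStringLiteral(title) + ');</script>';
}

// Constructed sample inputs.
const samples = [
  'MediaWiki:TeamTools.js',        // accepted
  'Tools.js</script><script>',     // rejected: characters outside the policy
  "x');other();//.js",             // rejected: quote and parentheses
];
for (const t of samples) {
  console.log(JSON.stringify(t), '=>', buildImportScriptTag(t));
}
```

This only controls which script page is loaded; whoever can edit that page still runs code in every viewer's session, which is the concern raised in the reply.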