On Mon, Jul 2, 2012 at 8:02 AM, Daniel Barrett <danb(a)vistaprint.com> wrote:
Because the output may contain JavaScript and it's
converting "if (a&&b)" to "if (a&&b)".
The extension is a tag "<javascript>" that adds arbitrary javascript,
supplied by the user, to the wiki page. Security is not an issue because this is a
completely internal wiki.
Is there a better way to implement a <javascript> parser tag extension so the
HTML-conversion issue doesn't happen?
This may be a bit of an uphill battle for you, since typically people
do *not* want to allow javascript to be able to be inserted! I'm not
entirely sure how many patches you would need to make to get
javascript in a page to be rendered, but I think you've only hit the
first of at least a few.
One slightly easier way that you may be able to get this working would
be to write the javascript in a separate page, and then inside your
your parser extension, have it write out:
<script>importScript('title_of_script_page');</script>. That will cut
down on the number of characters you need to get unchanged onto the
page.
That being said, I would say there is almost never a case when
security is not an issue. By doing this, you are pretty much allowing
every user to become an admin with some simple privileged escalation
javascript... so you may want to instead make them all admins and let
them edit Common.js as needed.