The purpose was to provide a macro capability, but not facilitate cross-site scripting attacks. Given that we don't know exactly how it would work, how do you see it as enabling cross-site scripting?

Perhaps my example was misleading since it included a URL, but isn't this same thing possible in JSPWiki (through an interwiki link) or by just including the URL in the page:

[Click here!|http://www.google.com/search?q=foo]

Also, it seems to me the purpose of interwiki links is to abstract away the URL necessary to link to the other wiki, not provide security, i.e. it is really only a shortcut to something the user could already do.

I believe a separate question of mine on this list overlaps with the macro/alias thing, so I will share my recent research here.

Using the InsertPage plugin (as suggested by someone else on this list) I thought I could build up a library of useful pieces, similar to the macro ability discussed in this thread. Unfortunately, it didn't work as I had hoped for.

My first test was using the Categories feature (i.e. the ReferringPagesPlugin). Knowing that I will have many pages that have related 'Spec' pages, I created a new Wiki page called 'SpecList' that included only the following:

!!!Specifications
[{ReferringPagesPlugin include='*Spec' before='*' after='\n\n' }]

These two lines are likely to be replicated all over my wiki, and if in the future I decide to embellish it a bit, I would like to have them defined in only one place. But when I included this page in another one (with InsertPage), it didn't work. It appears the ReferringPagesPlugin is invoked *before* the InsertPage plugin, so I get a list of pages that refer to the SpecList page, not the page I am currently in.

So, InsertPage doesn't work like the macro ability I am describing here, but does give me hope. Is it possible to write another plugin similar to InsertPage (call it 'MacroPlugin') that inserts the contents of another page *before* any contained plugins are invoked?

-- Bobman

On Wed, Jul 2, 2008 at 9:41 PM, Andrew Jaquith <[EMAIL PROTECTED]> wrote:

> Bob, Murray and all --
>
> While the TiddlyWiki plugin sounds like it is very convenient for users, I
> don't see something like this being part of JSPWiki unless the functionality
> is carefully constrained. In particular, the capability to specify external
> URLs has "cross site scripting" written all over it. ACLs would not be the
> answer, either -- you'd want to create a custom Permission type for it, and
> have the right to use it enshrined in the security policy.
>
> Andrew
>
>
> On Jul 2, 2008, at 5:44 PM, Juan Pablo Santos Rodríguez wrote:
>
>> Hi Bob,
>>
>> may be interwiki links could help you with aliases? i.e., by default typing
>> [Google:Bob], should be converted to http://www.google.com/search?q=Bob.
>> Check both jspwiki.properties (Interwiki links section, lines 615-650) and
>> http://www.jspwiki.org/wiki/InterWiki
>>
>> regarding the custom footer, as Janne said, you can implement your own
>> PageFilter or extend BasicPageFilter to add your custom markup (overriding
>> preTranslate method, for example). Another way could be using InsertPage
>> plugin, available in the core distro. Initial code and some explanations at
>> http://www.jspwiki.org/wiki/InsertPagePlugin
>>
>> cheers,
>> jp
>>
>> 2008/7/2 Murray Altheim <[EMAIL PROTECTED]>:
>>
>>> Bob Paige wrote:
>>> [...]
>>>
>>>> AliasPlugin is a type of macro feature that allows you to define new plugins
>>>> on the fly. For example, I might define an alias called 'google' with a
>>>> value of "http://www.google.com/search?q=$1". Thus, whenever I put in the
>>>> wiki markup "<<google jspwiki>>" (which is how you call a plugin in
>>>> TiddlyWiki) it will insert "http://www.google.com/search?q=jspwiki". This
>>>> also works with wiki markup; I could use the aliasPlugin to insert wiki
>>>> markup which is then interpreted by the wiki engine.
>>>>
>>>> As I work on the wiki for my work, I find myself putting the same footers on
>>>> many pages, for example:
>>>> ----
>>>> !!!Pages referencing me
>>>> [{ReferringPagesPlugin}]
>>>>
>>>> It would be useful to define a macro that would resolve as this text,
>>>> allowing me to redefine this footer without having to re-edit all the pages
>>>> that use it.
>>>>
>>>> Does such a beast exist? If not, any leads on how to write it?
>>>>
>>>
>>> Bob,
>>>
>>> Since aliases need to be global across the entire wiki you'd need a
>>> manager to collect them as well as to flag conflicts (e.g., if a
>>> user creates an alias that already exists, their plugin would fail
>>> and return an error message).
>>>
>>> The manager would be a singleton (for the wiki, not the JVM), and
>>> there'd be a plugin to declare aliases. You'd then need some way to
>>> use aliases, probably either a filter or a plugin that would access
>>> the manager and obtain the replacement text.
>>>
>>> You could (as with any plugin) restrict the creation of aliases to
>>> certain people via ACL or only authenticated users).
>>>
>>> You might look into the TagPlugin (which has a TagManager) as a
>>> model.
>>>
>>> http://www.altheim.com/ceryle/wiki/Wiki.jsp?page=TagPlugin
>>> http://www.altheim.com/ceryle/wiki/Wiki.jsp?page=TagManager
>>>
>>> I also note that John Volkar has donated an AliasPlugin to the set
>>> of CeryleWikiPlugins
>>>
>>> http://www.altheim.com/ceryle/wiki/Wiki.jsp?page=AliasPlugin
>>>
>>> though that doesn't do what you're asking for, just reverse the
>>> current page alias feature available in JSPWiki, i.e., you declare
>>> on the page its own aliases.
>>>
>>> Hope that is helpful.
>>>
>>> Murray
>>>
>>> ...........................................................................
>>> Murray Altheim <murray07 at altheim.com>
>>> http://www.altheim.com/murray/
>>> SGML Grease Monkey, Banjo Player, Wantanabe Zen Monk
>>>
>>> Boundless wind and moon - the eye within eyes,
>>> Inexhaustible heaven and earth - the light beyond light,
>>> The willow dark, the flower bright - ten thousand houses,
>>> Knock at any door - there's one who will respond.
>>> -- The Blue Cliff Record
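
The alias expansion quoted above ('google' with the value "http://www.google.com/search?q=$1"), written so that the external-URL capability is constrained in the way the cross-site scripting concern calls for. This is an added example, not code from the thread, JSPWiki or TiddlyWiki; the alias table, the function names and the "js" and "anyhost" entries are constructed for illustration.

```python
import html
import re
from urllib.parse import quote, urlsplit

# Hypothetical alias table. "google" is the alias from the thread; "js" and
# "anyhost" are constructed entries standing in for templates to refuse.
ALIASES = {
    "google": "http://www.google.com/search?q=$1",
    "js": "javascript:void($1)",
    "anyhost": "http://$1/index.html",
}
ALLOWED_SCHEMES = {"http", "https"}
# <<name argument>> as in the TiddlyWiki-style call quoted in the thread.
MACRO = re.compile(r"<<(\w+)\s+([^<>]*?)\s*>>")


def template_allowed(template):
    """Accept only http(s) templates whose host is fixed by the alias author."""
    parts = urlsplit(template)
    return (parts.scheme in ALLOWED_SCHEMES
            and bool(parts.netloc)
            and "$1" not in parts.netloc)


def expand(name, arg, aliases=ALIASES):
    """Return the expanded URL, or None if the alias is unknown or refused."""
    template = aliases.get(name)
    if template is None or not template_allowed(template):
        return None
    # Percent-encode everything so the argument stays a single URL component.
    return template.replace("$1", quote(arg, safe=""))


def render(markup, aliases=ALIASES):
    """Replace each macro call with an escaped link; refused calls stay inert text."""
    def repl(match):
        url = expand(match.group(1), match.group(2), aliases)
        if url is None:
            return html.escape(match.group(0))
        safe = html.escape(url, quote=True)
        return '<a href="{0}">{0}</a>'.format(safe)
    return MACRO.sub(repl, markup)
```
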
