[tw] Re: [TW5] Inline javascript for private wiki

2015-08-12 Thread 'Mark S.' via TiddlyWiki 
Thanks for the tip*, Eric !

>From my perspective, TW has done away with JS. I have created a couple of 
widgets, but wasn't very happy with the process. Mostly cut and paste prior 
widgets, alter, and hope that it works. There's stuff going on in the DOM, 
and basically you have to take it on faith. 

Before if I needed to sum up the cost field of a series of tiddlers tagged 
as Receipts, I could do it. If I wanted to find all the tiddlers with a 
value above the average for the group, I could do it. If I wanted to list 
planting dates and calculated germination dates, I could do it.

I still don't understand what the security risks are. In general, hackers 
are better coders than I am. I'm sure they could write a plugin or widget 
exploit. I would have no hope of wading through a plugin code and detecting 
the hack. But if I didn't need the plugin -- because I wrote my own 
summation routine, for instance -- my system would be more secure than 
having to depend on 3rd party sources.

Thanks!
*clink,clink

On Tuesday, August 11, 2015 at 11:18:39 AM UTC-7, Eric Shulman wrote:
>
> On Tuesday, August 11, 2015 at 8:54:54 AM UTC-7, Mark S. wrote:
>>
>> How would I, with TW5 technology, transfer the information from one set 
>> of tiddlers to a second set based on a matching field? Or how would I 
>> delete several tiddlers at once? You can set things up so you have a delete 
>> button (or a transfer button) for a series of tiddlers, but you still have 
>> to click each button -- even if you have hundreds. If I'm wrong about this, 
>> I would be glad to know!
>>
>
> You can delete multiple tiddlers with the <$action-deletetiddler> widget 
> using a filter="..." param, like this:
>
> <$button>
> <$action-deletetiddler $filter="[tag[TableOfContents]]"/>
> Delete tiddlers tagged "~TableOfContents" 
>  
>  
>
>> There ought to be some way to make javascript access secure. In any 
>> event, as long as the TW is a local file, what is the danger? It couldn't 
>> be more dangerous than the executables that people download every day. You 
>> just have to be careful what your source is. To me, taking away javascript 
>> is like taking the steering wheel out of a car because it might be used in 
>> a bank robbery. 
>>
>
> TW5 has not "taken away" javascript.  You just can't use it *inline*. 
>  Instead, you must put your custom javascript code into a tiddler-based 
> modules (widget, macro, library, startup, etc.).  This was done 
> specifically to "make javascript access secure" by providing the TW core 
> with a mechanism to perform consistency and safety checks on the code 
> before allowing it to be incorporated into the runtime environment.
>
> -e
>

-- 
You received this message because you are subscribed to the Google Groups 
"TiddlyWiki" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to tiddlywiki+unsubscr...@googlegroups.com.
To post to this group, send email to tiddlywiki@googlegroups.com.
Visit this group at http://groups.google.com/group/tiddlywiki.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/tiddlywiki/edbff043-eef5-4f9c-b7ee-f090880fec87%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[tw] Re: [TW5] Inline javascript for private wiki

2015-08-11 Thread Eric Shulman 
On Tuesday, August 11, 2015 at 8:54:54 AM UTC-7, Mark S. wrote:
>
> How would I, with TW5 technology, transfer the information from one set of 
> tiddlers to a second set based on a matching field? Or how would I delete 
> several tiddlers at once? You can set things up so you have a delete button 
> (or a transfer button) for a series of tiddlers, but you still have to 
> click each button -- even if you have hundreds. If I'm wrong about this, I 
> would be glad to know!
>

You can delete multiple tiddlers with the <$action-deletetiddler> widget 
using a filter="..." param, like this:

<$button>
<$action-deletetiddler $filter="[tag[TableOfContents]]"/>
Delete tiddlers tagged "~TableOfContents" 
 
 

> There ought to be some way to make javascript access secure. In any event, 
> as long as the TW is a local file, what is the danger? It couldn't be more 
> dangerous than the executables that people download every day. You just 
> have to be careful what your source is. To me, taking away javascript is 
> like taking the steering wheel out of a car because it might be used in a 
> bank robbery. 
>

TW5 has not "taken away" javascript.  You just can't use it *inline*. 
 Instead, you must put your custom javascript code into a tiddler-based 
modules (widget, macro, library, startup, etc.).  This was done 
specifically to "make javascript access secure" by providing the TW core 
with a mechanism to perform consistency and safety checks on the code 
before allowing it to be incorporated into the runtime environment.

-e

-- 
You received this message because you are subscribed to the Google Groups 
"TiddlyWiki" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to tiddlywiki+unsubscr...@googlegroups.com.
To post to this group, send email to tiddlywiki@googlegroups.com.
Visit this group at http://groups.google.com/group/tiddlywiki.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/tiddlywiki/eeafba96-2d3c-4269-9327-d60db2cbbdf7%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[tw] Re: [TW5] Inline javascript for private wiki

2015-08-11 Thread 'Mark S.' via TiddlyWiki 
Hi Eric,

How would I, with TW5 technology, transfer the information from one set of 
tiddlers to a second set based on a matching field? Or how would I delete 
several tiddlers at once? You can set things up so you have a delete button 
(or a transfer button) for a series of tiddlers, but you still have to 
click each button -- even if you have hundreds. If I'm wrong about this, I 
would be glad to know!

There ought to be some way to make javascript access secure. In any event, 
as long as the TW is a local file, what is the danger? It couldn't be more 
dangerous than the executables that people download every day. You just 
have to be careful what your source is. To me, taking away javascript is 
like taking the steering wheel out of a car because it might be used in a 
bank robbery. 

Thanks!
Mark

On Monday, August 10, 2015 at 9:44:12 PM UTC-7, Eric Shulman wrote:
>
> On Monday, August 10, 2015 at 9:10:03 PM UTC-7, John wrote:
>>
>> I want to be able to run javascript inside a tiddler.
>> ...
>>
> I tried the steps for installing InlineJavascriptPlugin into my desktop 
>> wiki ( from Widgeds)
>>
>
> InlineJavascriptPlugin (and all other TiddlyTools add-ons) are for 
> TiddlyWiki Classic *only*.
>
> There is NO support for inline scripting in TW5, as this creates a huge 
> security hole.  In fact, TW5's parser explicitly "sanitizes" all content so 
> that it cannot invoke javascript code directly.  This means that all 
> ... elements are stripped from the content before 
> rendering, as are all "onXXX" handlers (e.g., "onClick, onChange, onSubmit, 
> etc.).
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"TiddlyWiki" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to tiddlywiki+unsubscr...@googlegroups.com.
To post to this group, send email to tiddlywiki@googlegroups.com.
Visit this group at http://groups.google.com/group/tiddlywiki.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/tiddlywiki/4bf870c0-da57-4f85-951e-f49341b150f7%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[tw] Re: [TW5] Inline javascript for private wiki

2015-08-10 Thread John 
Just saw the campaign at indegogo. 

A humble suggestion: Limiting payments in USD, limits collecting funds from 
all over the world.
The world has more well wishers than people with credit cards. 
People living outside US wouldn't want the hassle of a Credit card and the 
hassle of using it online to fund such projects.

Wished I could order a "Tangible Asset like an iTunes card" on sites like 
Amazon / Bookstores to submit funds for the project without actually using 
a credit card online.

Regards

On Tuesday, August 11, 2015 at 8:44:12 AM UTC+4, Eric Shulman wrote:
>
> On Monday, August 10, 2015 at 9:10:03 PM UTC-7, John wrote:
>>
>> I want to be able to run javascript inside a tiddler.
>> ...
>>
> I tried the steps for installing InlineJavascriptPlugin into my desktop 
>> wiki ( from Widgeds)
>>
>
> InlineJavascriptPlugin (and all other TiddlyTools add-ons) are for 
> TiddlyWiki Classic *only*.
>
> There is NO support for inline scripting in TW5, as this creates a huge 
> security hole.  In fact, TW5's parser explicitly "sanitizes" all content so 
> that it cannot invoke javascript code directly.  This means that all 
> ... elements are stripped from the content before 
> rendering, as are all "onXXX" handlers (e.g., "onClick, onChange, onSubmit, 
> etc.).
>
> Work involves a lot of documentation involving forms. 
>> Its easy to replicate those forms using HTML/JS.
>> The guidelines for using those forms are the primary reason for using a 
>> tiddler/Tiddlywiki @work.
>> So would like to show those forms in a tiddler that responds upon 
>> entering data.
>>
>  
> You can create fully interactive forms using TiddlyWiki native widgets 
> (e.g., $edit-text, $checkbox, $radio, $select, etc.).  These widgets can 
> bind their inputs to tiddler fields.  Everything you input can be 
> automatically written to a tiddler field, so you can then use tiddler 
> TextReferences (e.g., "SomeTiddler!!fieldname") to access and display those 
> values.  For advanced form processing, you would need write your own custom 
> action widget that can be triggered by a $button widget. 
> The action widget could process the form input using native javascript to 
> perform additional steps such as validation of inputs and calcuation of 
> derived values.  The widget could then write whatever results it wants to 
> tiddler fields as appropriate.
>
> Besides, it would allow to use other interactive elements within a 
>> tiddler. - show/hide content like a flashcard, interactive quizzes etc.
>>
>
> In addition to the widgets for creating form controls, TiddlyWiki also 
> provides a $reveal widget that lets you optionally display of selected 
> blocks of content based on a "state" value tracked in a tiddler field or 
> environment variable.  You use the $button widget to toggle the state 
> value, and the content in the corresponding $reveal widgets is rendered or 
> hidden based on that state value.
>
> enjoy,
> -e
> Eric Shulman
> ELS Design Studios
> TiddlyTools - "Small Tools for Big Ideas!"
> InsideTiddlyWiki: The Missing Manuals
>
> YOUR DONATIONS ARE VERY IMPORTANT!
> HELP ME TO HELP YOU - MAKE A CONTRIBUTION TO MY "TIP JAR"...
>http://TiddlyTools.github.com/fundraising.html#MakeADonation
>
> Professional TiddlyWiki Consulting Services...
> Analysis, Design, and Custom Solutions:
>http://www.TiddlyTools.com/#Contact
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"TiddlyWiki" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to tiddlywiki+unsubscr...@googlegroups.com.
To post to this group, send email to tiddlywiki@googlegroups.com.
Visit this group at http://groups.google.com/group/tiddlywiki.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/tiddlywiki/a81744af-5b6e-4827-aa41-8acbf3aaa7d5%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[tw] Re: [TW5] Inline javascript for private wiki

2015-08-10 Thread John 
Just saw the campaign at indegogo. 

A humble suggestion: Limiting payments in USD, limits collecting funds from 
all over the world.
The world has more well wishers than people with credit cards. 
People living outside US wouldn't want the hassle of a Credit card and the 
hassle of using it online to fund such projects.

Wished I could order a "Tangible Asset like an iTunes card" on sites like 
Amazon / Bookstores to submit funds for the project without actually using 
a credit card online.

Regards

On Tuesday, August 11, 2015 at 9:39:06 AM UTC+4, John wrote:
>
> Much appreciate Eric for the detailed reply.
>
> Relieved to know there are form widgets and reveal widget in tiddly to 
> fiddle with. They sound super cool. 
>
> One other thing. Noted "InsideTiddlyWiki: The Missing Manuals" in your 
> signature !
> Is it a tutorial, ebook or such resource? 
> If so it is a relief as TW5 badly needs more tutorials on customizing 
> Tiddlies. 
>
>
> Onwards fiddling with my tiddlies...
>
>
>
>
> On Tuesday, August 11, 2015 at 8:10:03 AM UTC+4, John wrote:
>>
>> Hi All
>>
>> New bee-n to TW5.
>> Been using it as my personal notebook for work and play.
>>
>> I want to be able to run javascript inside a tiddler.
>>
>> *Purpose: *
>> Work involves a lot of documentation involving forms. 
>> Its easy to replicate those forms using HTML/JS.
>> The guidelines for using those forms are the primary reason for using a 
>> tiddler/Tiddlywiki @work.
>> So would like to show those forms in a tiddler that responds upon 
>> entering data.
>> Besides, it would allow to use other interactive elements within a 
>> tiddler. - show/hide content like a flashcard, interactive quizzes etc.
>>
>> I tried the steps for installing InlineJavascriptPlugin into my desktop 
>> wiki ( from Widgeds)
>>
>>
>>1. Go to the inlineJavascript plugin page 
>> and click on 
>>EDIT and copy the content of the yellow box, under code. Make sure you 
>> get 
>>all the characters.
>>2. Open your TiddlyWiki and click on NEW TIDDLER
>>3. Give your Tiddler a title and a tag  *“systemConfig”*
>>4. Paste the code you copied into this Tiddler and click SAVE CHANGES
>>5. Relaunch your TiddlyWiki and you are set!
>>
>> Then tried the following script in a tiddler.
>>   1. set content type to 'text/html'
>>   2. code
>>
>> `
>>
>> function toggle() {
>>  var ele = document.getElementById("toggleText");
>>  var text = document.getElementById("displayText");
>>  if(ele.style.display == "block") {
>>  ele.style.display = "none";
>>  text.innerHTML = "show";
>>  }
>>  else {
>>  ele.style.display = "block";
>>  text.innerHTML = "hide";
>>  }} 
>>  
>> show <== click Here 
>>
>> Displaying hidden 
>> Content`
>>
>> But that only creates a tiddler with a 'show' link. Clicking which 
>> produces no response!
>>
>> Any suggestions how to make this work?
>>
>

-- 
You received this message because you are subscribed to the Google Groups 
"TiddlyWiki" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to tiddlywiki+unsubscr...@googlegroups.com.
To post to this group, send email to tiddlywiki@googlegroups.com.
Visit this group at http://groups.google.com/group/tiddlywiki.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/tiddlywiki/48b767ca-df1d-4628-b819-c127c05f70ba%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[tw] Re: [TW5] Inline javascript for private wiki

2015-08-10 Thread John 
Much appreciate Eric for the detailed reply.

Relieved to know there are form widgets and reveal widget in tiddly to 
fiddle with. They sound super cool. 

One other thing. Noted "InsideTiddlyWiki: The Missing Manuals" in your 
signature !
Is it a tutorial, ebook or such resource? 
If so it is a relief as TW5 badly needs more tutorials on customizing 
Tiddlies. 


Onwards fiddling with my tiddlies...




On Tuesday, August 11, 2015 at 8:10:03 AM UTC+4, John wrote:
>
> Hi All
>
> New bee-n to TW5.
> Been using it as my personal notebook for work and play.
>
> I want to be able to run javascript inside a tiddler.
>
> *Purpose: *
> Work involves a lot of documentation involving forms. 
> Its easy to replicate those forms using HTML/JS.
> The guidelines for using those forms are the primary reason for using a 
> tiddler/Tiddlywiki @work.
> So would like to show those forms in a tiddler that responds upon entering 
> data.
> Besides, it would allow to use other interactive elements within a 
> tiddler. - show/hide content like a flashcard, interactive quizzes etc.
>
> I tried the steps for installing InlineJavascriptPlugin into my desktop 
> wiki ( from Widgeds)
>
>
>1. Go to the inlineJavascript plugin page 
> and click on EDIT 
>and copy the content of the yellow box, under code. Make sure you get all 
>the characters.
>2. Open your TiddlyWiki and click on NEW TIDDLER
>3. Give your Tiddler a title and a tag  *“systemConfig”*
>4. Paste the code you copied into this Tiddler and click SAVE CHANGES
>5. Relaunch your TiddlyWiki and you are set!
>
> Then tried the following script in a tiddler.
>   1. set content type to 'text/html'
>   2. code
>
> `
>
> function toggle() {
>   var ele = document.getElementById("toggleText");
>   var text = document.getElementById("displayText");
>   if(ele.style.display == "block") {
>   ele.style.display = "none";
>   text.innerHTML = "show";
>   }
>   else {
>   ele.style.display = "block";
>   text.innerHTML = "hide";
>   }} 
>  
> show <== click Here 
>
> Displaying hidden 
> Content`
>
> But that only creates a tiddler with a 'show' link. Clicking which 
> produces no response!
>
> Any suggestions how to make this work?
>

-- 
You received this message because you are subscribed to the Google Groups 
"TiddlyWiki" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to tiddlywiki+unsubscr...@googlegroups.com.
To post to this group, send email to tiddlywiki@googlegroups.com.
Visit this group at http://groups.google.com/group/tiddlywiki.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/tiddlywiki/9e6c8344-766c-4c20-a8fd-1b22bb8a574d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[tw] Re: [TW5] Inline javascript for private wiki

2015-08-10 Thread Eric Shulman 
On Monday, August 10, 2015 at 9:10:03 PM UTC-7, John wrote:
>
> I want to be able to run javascript inside a tiddler.
> ...
>
I tried the steps for installing InlineJavascriptPlugin into my desktop 
> wiki ( from Widgeds)
>

InlineJavascriptPlugin (and all other TiddlyTools add-ons) are for 
TiddlyWiki Classic *only*.

There is NO support for inline scripting in TW5, as this creates a huge 
security hole.  In fact, TW5's parser explicitly "sanitizes" all content so 
that it cannot invoke javascript code directly.  This means that all 
... elements are stripped from the content before 
rendering, as are all "onXXX" handlers (e.g., "onClick, onChange, onSubmit, 
etc.).

Work involves a lot of documentation involving forms. 
> Its easy to replicate those forms using HTML/JS.
> The guidelines for using those forms are the primary reason for using a 
> tiddler/Tiddlywiki @work.
> So would like to show those forms in a tiddler that responds upon entering 
> data.
>
 
You can create fully interactive forms using TiddlyWiki native widgets 
(e.g., $edit-text, $checkbox, $radio, $select, etc.).  These widgets can 
bind their inputs to tiddler fields.  Everything you input can be 
automatically written to a tiddler field, so you can then use tiddler 
TextReferences (e.g., "SomeTiddler!!fieldname") to access and display those 
values.  For advanced form processing, you would need write your own custom 
action widget that can be triggered by a $button widget. 
The action widget could process the form input using native javascript to 
perform additional steps such as validation of inputs and calcuation of 
derived values.  The widget could then write whatever results it wants to 
tiddler fields as appropriate.

Besides, it would allow to use other interactive elements within a tiddler. 
> - show/hide content like a flashcard, interactive quizzes etc.
>

In addition to the widgets for creating form controls, TiddlyWiki also 
provides a $reveal widget that lets you optionally display of selected 
blocks of content based on a "state" value tracked in a tiddler field or 
environment variable.  You use the $button widget to toggle the state 
value, and the content in the corresponding $reveal widgets is rendered or 
hidden based on that state value.

enjoy,
-e
Eric Shulman
ELS Design Studios
TiddlyTools - "Small Tools for Big Ideas!"
InsideTiddlyWiki: The Missing Manuals

YOUR DONATIONS ARE VERY IMPORTANT!
HELP ME TO HELP YOU - MAKE A CONTRIBUTION TO MY "TIP JAR"...
   http://TiddlyTools.github.com/fundraising.html#MakeADonation

Professional TiddlyWiki Consulting Services...
Analysis, Design, and Custom Solutions:
   http://www.TiddlyTools.com/#Contact

-- 
You received this message because you are subscribed to the Google Groups 
"TiddlyWiki" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to tiddlywiki+unsubscr...@googlegroups.com.
To post to this group, send email to tiddlywiki@googlegroups.com.
Visit this group at http://groups.google.com/group/tiddlywiki.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/tiddlywiki/73afee1a-3600-4e16-813c-d4b2a9f1eb34%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.