Hi Jeremy, This seems a major cutback.and as such is really bad news.
Does that mean that none of what we call transclusions these days will work in TiddlySpace?!? Would it be reasonalbe to ask for an ability to allow users to turn on "insecure mode"? Why not simply handle transclusions like plugins instead... security- wise? Meaning: to require a standard tag indicating that something is a transclusion which only then allows for parameter evaluation ...otherwise not. There really should be no diffference in managing transclusions or plugins as both contain executable code. I understand the concerns, but I think it were better to advise users on their responsibility as to "know" what they include and to improve a user's ability to evaluate the reliability or stability of such content by seeing user votes on these things or knowing trustworthy authors, etc. I also understand that anything {{eval}} presents possible security issues. But, would you mind explaining precisely how malicious users can hijack another users space? How is disallowing parameter evaluation not just but one of a of a myriad of (potential) security problems and therefore maybe not worthy restricting as there is plenty more, equally exploitable room for manipulation? Of course, no client-side manipulation should be able to compromise the server, but (potentially) only a user's data instead. This issue feels to me like - yet again - (maybe just a false sense of) security comes at the cost of utterly restricting degrees of freedom... which I most always tend to find rather unfortunate. So here is my vote for a policy that reads like this: "Put plugins and transclusions on an equal standing while letting users decide on how secure they need their spaces and contents to be (or user managers on the security level of members in the user group they are to manage ...if something like that should ever be developped.)" Kind regards, Tobias. -- You received this message because you are subscribed to the Google Groups "TiddlyWiki" group. To post to this group, send email to tiddlyw...@googlegroups.com. To unsubscribe from this group, send email to tiddlywiki+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/tiddlywiki?hl=en.