Please list and comment Java Script Enabled Wikis here:
fox.wikis.com (for example)
Wiki Cpp (for the WYSIWYG mode only!)
Pliki Wiki (to make the Edit form's "Cancel" button work)
Not sure if this is exactly what is meant, but TWiki (www.twiki.org ) plugins, etc., often make use of Java Script.
-- Andy Glew
Moved from Why Doesnt Wiki Do Html
Q. Why not have it both ways? Let me input my text using either Wiki syntax or HTML syntax and just convert on the server side. When it's time for someone to edit it, just convert to whichever format they prefer. You could have a button/checkbox/whatever on the edit page to select which mode you want to see it in.
Py Wiki does this, though I'm not sure if that's by design or just an artifact of the implementation. Regardless, it turned out to be really handy. I particularly liked being able to throw tags in. -- Curtis Bartley
You do need to be careful of this, though, because you're allowing anybody to embed a potentially harmful HTML block into your system. Malicious users could use the opportunity to embed a nasty ActiveX control on the page (when rendered) that viewers of the page think is coming from you. -- Ted Neward
Indeed so, but doesn't Why Wiki Works apply here too? -- Piers Cawley
It's the difference between having a wiki that miscreants can harm, and having a wiki that miscreants can use to harm you.
It's quite easy to support a restricted subset of HTML, while at the same time screening out attempts to embed Java Script. -- Dave Smith
Yes, but how do you test the code?
Uhm, if I recall, don't all the scripting dialects have one thing in common? They are always enclosed in comment blocks - yes? So, I'm a little confused about "test the code" - test which code? You wouldn't "test" the script, you would simply ignore the whole block. Have I missed the point?
Actually, not all scripts are in comment blocks. It isn't required, and is only done to keep pitiful old browsers from making a mess of themselves or your page. More and more people aren't commenting out script blocks because it's unnecessary. The code they were referring to test was the Java Script filtering code, which would be dangerous to test, if you were going to try to expose yourself to dangerous Java Script code. Trying your hardest to get the code "alert('you lose!');" to work would be a safer way to test it. -- Jason Boyer
It's dead easy to strip harmful code from an html document. You merely allow x, y and z tags and strip any attributes of those tags. -- Ben Nolan
See also Wiki With Programmable Content
See original on c2.com