Comments (5)
Dear @wassim,
Because of the danger of evaluating malicious code we can't allow a method to evaluate scripts in the core of Highway and we don't want to take responsibility for potential issues related to that. This means that for now the code evaluation will have to be done by yourself in the renderers of pages containing this kind of inline scripts, within the onEnter method for example.
Here is a code sample that should do the work but be careful about the code you are evaluating:
    onEnter() {
      const scripts = this.view.querySelectorAll('script');
      for (const script of scripts) {
        const code = script.innerText;
        if (code.length !== 0) {
          Function(code)();
        }
      }
    }
You can read more about the danger of evaluating code in the documentation about the eval method.
If you know a better and more secure way for evaluating inline scripts don't hesitate to tell us, we will be happy to implement this kind of behavior in the core of Highway if we are sure it's harmless for end-users.
Best regards,
Anthony
from highway.
@wassim Indeed we'll have to evaluate all scripts within the router-view HTML on navigation. We will look at it ASAP but for now you can use events and access the To renderer and the router-view and evaluate scripts by yourself.
from highway.
Why do you need script tags within the view? They should either be before the close body tag or in the head...
So I would say that yes this is done on purpose but maybe you have some good reasons.
from highway.
@Anthodpnt I'm using WordPress with Gravity Forms. The plugin is adding inline JavaScript next to forms. There are many plugins that do this sort of thing.
from highway.
Hi @wassim, did you end up finding a secure solution to this issue? Trying to implement Gravity Forms with Highway and am curious how you solved this.
from highway.
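One alternative to running fetched inline scripts through `Function(code)()` in `onEnter`, as an added example that is not part of the thread or of Highway's own code: the server emits configuration as inert JSON blocks, and the renderer dispatches each block to a function that already ships in the site bundle. The `data-init` attribute, the `INITIALIZERS` map and the `gravityForm` initializer are assumptions made for illustration.

```javascript
// Added example; data-init, INITIALIZERS and gravityForm are hypothetical names.
// A Map is used instead of a plain object so that names taken from fetched
// markup (e.g. "constructor", "__proto__") cannot resolve to inherited members.
const INITIALIZERS = new Map([
  // Assumed initializer from the site's own bundle: receives parsed data only.
  ['gravityForm', (config, host) => ({ formId: Number(config.formId), host })],
]);

// Finds the JSON data blocks inside a view and hands each one to an
// allowlisted initializer. Nothing from the fetched page is executed as code.
// Returns a report so callers can log what was skipped and why.
function runDeclaredInitializers(view, registry = INITIALIZERS) {
  const report = { ran: [], skipped: [] };
  const blocks = view.querySelectorAll(
    'script[type="application/json"][data-init]'
  );
  for (const block of blocks) {
    const name = block.getAttribute('data-init');
    const init = registry.get(name);
    if (typeof init !== 'function') {
      report.skipped.push({ name, reason: 'not allowlisted' });
      continue;
    }
    let config;
    try {
      config = JSON.parse(block.textContent); // parsed as data, never evaluated
    } catch (err) {
      report.skipped.push({ name, reason: 'invalid JSON' });
      continue;
    }
    init(config, block.parentNode);
    report.ran.push(name);
  }
  return report;
}

// In a renderer, the call replaces the Function(code)() loop:
//   onEnter() { runDeclaredInitializers(this.view); }
```

Markup that names an unknown initializer or carries script text instead of JSON ends up in `report.skipped` rather than being run.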