You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Dec 29, 2017. It is now read-only.
I'm using Dojo Toolkit's dijit/Editor which is a rich-text editor, with its content contained within an iframe. I have added dynamically various scripts/stylesheets to the iframe, but I also need to run polyfill against it, and unfortunately Dojo gives the iframe a src attribute of "javascript:*". This means that any CSS script loading fails as a cross-domain request.
Would it be possible to add an extra parameter (perhaps "stylesheetContents") to the initial options, that would then cause the program to check for provided stylesheet content, prior to attempting a (potentially) XSS attempt to retrieve them?
I will fork the project and try and find the time to implement this in the fork.
The text was updated successfully, but these errors were encountered:
I actually haven't had much time to think about this project in a while, and I don't know when I'll be able to get back to it. That being said, I still want to make it better and hope to continue working on it in the future, so if you have time to implement this yourself, that would be great!
I've put some code in that allows this in my fork. I've never collaborated on open-source projects before, so I'm afraid I don't know the appropriate way to change the version, nor how to get the code into your main project, if you even want to do that, but it's there in my fork if you want it.
I'm using Dojo Toolkit's dijit/Editor which is a rich-text editor, with its content contained within an iframe. I have added dynamically various scripts/stylesheets to the iframe, but I also need to run polyfill against it, and unfortunately Dojo gives the iframe a src attribute of "javascript:*". This means that any CSS script loading fails as a cross-domain request.
Would it be possible to add an extra parameter (perhaps "stylesheetContents") to the initial options, that would then cause the program to check for provided stylesheet content, prior to attempting a (potentially) XSS attempt to retrieve them?
I will fork the project and try and find the time to implement this in the fork.
The text was updated successfully, but these errors were encountered: