Skip to content
This repository has been archived by the owner on Dec 29, 2017. It is now read-only.

Permit insertion of stylesheet contents #14

Open
MartinDoyleUK opened this issue Nov 20, 2013 · 3 comments
Open

Permit insertion of stylesheet contents #14

MartinDoyleUK opened this issue Nov 20, 2013 · 3 comments

Comments

@MartinDoyleUK
Copy link

I'm using Dojo Toolkit's dijit/Editor which is a rich-text editor, with its content contained within an iframe. I have added dynamically various scripts/stylesheets to the iframe, but I also need to run polyfill against it, and unfortunately Dojo gives the iframe a src attribute of "javascript:*". This means that any CSS script loading fails as a cross-domain request.
Would it be possible to add an extra parameter (perhaps "stylesheetContents") to the initial options, that would then cause the program to check for provided stylesheet content, prior to attempting a (potentially) XSS attempt to retrieve them?
I will fork the project and try and find the time to implement this in the fork.

@philipwalton
Copy link
Owner

I actually haven't had much time to think about this project in a while, and I don't know when I'll be able to get back to it. That being said, I still want to make it better and hope to continue working on it in the future, so if you have time to implement this yourself, that would be great!

@MartinDoyleUK
Copy link
Author

I've put some code in that allows this in my fork. I've never collaborated on open-source projects before, so I'm afraid I don't know the appropriate way to change the version, nor how to get the code into your main project, if you even want to do that, but it's there in my fork if you want it.

@OpherV
Copy link

OpherV commented Nov 21, 2013

@a06275 Just submit a pull request

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants