Embedding a custom Calendar, Sort of

Keryth987
Keryth987

So, was looking over a recommended features topic, HERE and using the site and using a site @DungeonMasterLoki suggested in that topic, I've found a way to use its tools to create a calendar and link it form OP without 'forcing' people to leave the site

image

(Excuse the image for the code, but anytime I tried to post with the actual code, the site would block me from posting (@thaen need to look into this)

To see it in action, look HERE

Comments

  • thaen
    thaen
    Posts: 656

    I think it was blocking you because this code has (cleverly hidden and executed) javascript in it.  Actually, OP itself should be stripping that javascript out too, but apparently it's currently not. 

    I don't mean to be a wet blanket here, but if OP allows just any javascript to be run like this, then that can lead to OP being a source of people getting hacked.  So we'll need to hamstring this javascript loophole soon.  So the image part of this will still work, but the popup window will stop working.

    Obsidian Portal Developer

  • thaen
    thaen
    Posts: 656

    The "hamstringing" is in place now, but I added a way for us to exempt specific OP members' Campaigns.

    Pages that already use this trick of putting javascript in the textile link will still work as long as they are not re-Saved.  If they are Edited and Saved again, the system will quietly break the javascript.  Meaning, clicking on the link won't do anything after the Save.

    I already added @Keryth987 to the exemptions list, so even when he re-Saves (or even creates new Pages) this trick will still work for him.  If anyone else wants to be able to continue to use this trick, either comment here or email support and we'll get you hooked up.

    The idea here is that we don't want to let just any javascript be run on OP.  For example, we vet all of the DSTs before they are approved.  But if a member is already well known and trusted, then there is little risk in letting that member use javascript in their Campaigns (beyond that member themselves getting hacked).

    I'm definitely open to discussion on this (or anything), so if anyone has ideas about how we can more easily allow things without compromising the security of other OP members and visitors, I'd love to hear about it.

     

    Obsidian Portal Developer

  • Keryth987
    Keryth987
    Posts: 939

    Thanks @Thaen for that. I think the vettign idea -say they participate in the forums and/or discord, have more than one campaign that is or has been active in the past, and then they have to contact you or another representative, that should do it

     

    Keelah se'lai

    Keryth

  • Keryth987
    Keryth987
    Posts: 939

    @Thaen, what we really need is to be able to use The Target Attribute


    <p>Check out <a href="https://www.freecodecamp.org/"; target="_blank">freeCodeCamp</a>.</p>

     

  • thaen
    thaen
    Posts: 656

    Noted!  I'll add that to the Feature Request list.  Because of the way that attribute is restricted in the code currently, it's not as straightforward to enable that for "vetted members only".

    Obsidian Portal Developer

Sign In or Register to comment.

Campaign of the Month
September 2021

D&D 3.0: Tales from Mystara


Read the feature post on the blog!
Or return to Obsidian Portal!

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Discussions