Application/json in tiddler

Zheng_Bangyou · June 20, 2022, 7:41am

I would like to convert htmlwidget create by R into tiddler (in specific text/x-markdown format) to use my data analysis skill in R.

See an example of output from here: leaflet

All source codes of html and js can be found from here: GitHub - byzheng/htmlwidget-test.

In the html file, all js and css files can be treated as external files, except two application/json for related data. See Line 21-22 in the index.html file. It should be the same for all other htmlwidget (i.e. only application/json in the html code).

When I copied the json file into tiddler, it seems they are not executed following the discussion.

So my question is what’s the best way to include the application/json in the tiddler?

digitalap3 · June 21, 2022, 12:03am

is this what you are looking for? it is a macro that allows you to run javascript between <<script>> and <<script 0>>. I have used it to put some widgets in a nodejs wiki. I don’t think I’ve tried it on a single html.

[Edited] to Wrap code in backticks to make readable - Tones

Zheng_Bangyou · June 21, 2022, 12:38am

Thanks @digitalap3. It is a good starting point.

I understand to run js in tiddler will cause security issue. In my specific case, I only need to run application/json in the tiddler which could be safer than js (just my thought).

Would be better to find a safer way to run application/json before I allow to run js in tiddler.

TW_Tones · June 21, 2022, 2:13am

As I understand this, Two key principles with Javascript and tiddlywiki are;

It should be written to be compatible with the way tiddlywiki works, allowing tiddlywiki to refresh correctly and not break things
It should ONLY be loaded at the load of the HTML file so if hosted online a “bad actor” can not “Inject” javascript code that can interrogate or manipulate the server or host on which it is running.
- If someone has write access to the online file they can install and reload your wiki, so you must not let anonymous and potential bad actors this ability.

You may be tempted

Sure you may decide your wiki is local only and decide to give your wiki this ability but;
- It is easy to forget and share it with other people or put it online and now you or they have a security risk (this could damage your or tiddlywiki’s reputation).
- If you make your wiki available on the LAN or an internet connection there is now a hacker path to compromising your computer which is now a server/host.
It is so easy to save and reload locally, so introducing Javascript the correct and legitimate way on your computer is best, even locally.
- You can also get support from the community and your work can then be safely shared with others and contribute to the community.

Finally there are other ways to reference external resources from raw system tags, iframes and HTML that accesses other resources on a host that there is no need to complicate or put at risk your tiddlywiki.

Another reason to avoid Javascript without checking with the community if there is an existing solution, is you may cause fragmentation of the solutions available. I for one often see people introducing javascript for things I can already do with the core or a well known plugin. This is a waste of their time and adds less value to tiddlywiki as a whole.

If you have javascript skills please use them to improve and enhance tiddlywiki, rather than complicate and duplicate. If your solutions are popular please don’t introduce bugs or security risks we the community will have to work to address.

For example I have connected some Javascript modules to use cookies, and get set the window.name or html target, these are not possible in the core. happy to share.