Currently, users can have PerlMonks automatically include a link to an arbitrary CSS source in each page. (Go to Display Settings and look under Stylesheet Settings.) I think it would be nice to be able similarly to link in a javascript source, such as jQuery, script.aculo.us, or other AJAX library.

It is possible to use the Free Nodelet to bring such a link into each of your pages; but there are two downsides to this approach: 1, some users might not otherwise have a need or desire to enable their Free Nodelet; and B, the Free Nodelet is not available for some pages, such as the four frames in the Full-Page Chat.

The patches to implement this have been drafted:

A word spoken in Mind will reach its own level, in the objective world, by its own weight

Re: Let users link in a javascript library (XSS)
by tye (Sage) on Apr 14, 2008 at 16:37 UTC

    It would be good to properly filter javascript from homenodes before rampantly encouraging use of javascript at PerlMonks. Since the current state of homenodes makes for a nearly perfect example of how to enable cross-site scripting attacks, I think that removing that problem really needs to come first.

    - tye        

Re: Let users link in a javascript library
by ysth (Canon) on Apr 14, 2008 at 22:04 UTC
    To add to what tye says, I'd like html filtering to be mandatory (or at the very very least, the default, retroactively set for all current monks).

    AIUI, the homenode thing basically means deciding which additional elements and attributes we want to allow on homenodes (plus a SMOP to implement it).

      In response to private messages, yes, either of these changes would need to be well advertised. But there's no point in doing so until someone steps forward to do the work. And until someone does, we really oughtn't advocate that people allow perlmonks to execute javascript.

        For the sake of clarity, my proposal to properly filter javascript requires filtering HTML as well. So, yes, if you want to see what is going to happen, go to User Settings and turn on "Filter HTML of monks' homenodes".

        My impression is that the allowed tags are already pretty much where they can and should be.

        As a first step, we should turn on this setting for AnonyMonk (not as easy as one might guess, since I've tried before and failed). Another attempt is now on the top of my to-do list.

        - tye        

Re: Let users link in a javascript library
by Argel (Prior) on Apr 14, 2008 at 19:46 UTC
    Slightly off-topic -- has any thought been given to hosting jQuery (and some of the others) so we would not have to go off-site to pull in the code?