Textpattern CMS support forum
You are not logged in. Register | Login | Help
- Topics: Active | Unanswered
Re: Previewing articles inline
giz wrote #338407:
They’ve been textiled already; the html in the preview tab would be the source. Similarly, current section etc. is also available.
It works, but I also get error
Blocked script execution in 'about:srcdoc' because the document's frame is sandboxed and the 'allow-scripts' permission is not set.
Do you have script(s) running on the page? Or any form of CSP policy in place?
I’m not wild about splitting preview functionality across 2 areas; doesn’t a dedicated ‘preview page’ link belong in the Preview modal?
The default view page is fine as it is there as it is an completely different view form what is offered in the preview dialog.
Now, if you specifically talk about that easter egg functionality triggered by a shift-click on the “view” link, hmmm. It is still a different view (global) whereas the “preview” button offeres an local view – article body or article excerpt only. I think I am strongly inclined to prefer to keep the two views separate.
(and by next week I’ probably have forgotten about that shift-click action as the key-combo is hardwired in my fingers to the default Safari action: “add to reading list”)
Where is that emoji for a solar powered submarine when you need it ?
Sand space – admin theme for Textpattern
Offline
Re: Previewing articles inline
phiw13 wrote #338413:
Live article are always sandboxed, (there is no checkbox to toggle “sanitise”)
…
For me, what is interesting is the possibility to (pre-)view changes / edits to live articles without saving (like: verifying that my edits are correct, code wise).
I agree, previewing before saving is the most useful (and the most tricky) feature. We can restore ‘Sanitize’ checkbox for live articles, no problem there.
And of course I am trusting the code surrounding the article (outside of article body or excerpt).
Here is the point: do we say ‘trust your authors too’ and the living is easy, or we add ‘Sanitize’ checkboxes everywhere? It’s very hard to prevent injections without thoroughly inspecting the content. A malicious code could be hidden, say, in a custom field of a future article and bite one day.
PS – a annoying side effect of the sanitised view in the iframe is that the reviewer (or author) cannot locate where the potentially dangerous elements are. At least they are some bit visible in the pre-view dialog
We can pass it through DOMPurify, as we do for body/excerpt preview, but it makes one more checkbox. Suggest an interface?
There is another potentially annoying effect: relative public side URLs will (?) be resolved with respect to the admin root. Setting <base /> in public templates might help, but is a bit restrictive.
All this makes me think the (pre)view should be refactored.
Offline
Offline
Re: Previewing articles inline
etc wrote #338417:
Suggest an interface :-)
Nah… it is fine for now. Compare it to some of the more specialised menu items in macOS, half hidden behind the option key.
The alternative would be an additional <button /> but given that the Write panel is already quite stuffed with buttons, it is a little difficult.
Where is that emoji for a solar powered submarine when you need it ?
Sand space – admin theme for Textpattern
Offline