Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP

Loading…

reload button + disable JS checkbox #381

Merged
merged 2 commits into from

2 participants

Mike Kamermans ScottDowne
Mike Kamermans
Owner

reload button is easy to test with

<!doctype html>
<html>
  <head>
    <meta charset="utf-8">
    <title>Your Awesome Webpage created on Wed, Mar 5 2014 4:16 PM</title>
  </head>
  <body>
    <p>Make something amazing with the web</p>
    <button onclick="document.body.innerHTML = ''">try me </button>
  </body>
</html>

script disable is easy to test with

<!doctype html>
<html>
  <head>
    <meta charset="utf-8">
    <title>Your Awesome Webpage created on Wed, Mar 5 2014 4:16 PM</title>
  </head>
  <body>
    <p>Make something amazing with the web</p>
    <script>alert("lol");</script>
  </body>
</html>
public/friendlycode/templates/previewloader.html
@@ -165,7 +175,7 @@
if(!owner) { owner = event.source; }
if ("sourceCode" in data && typeof data.sourceCode === "string") {
- content[data.type](data.sourceCode);
+ content["overwrite"](data);
ScottDowne Owner

content.overwrite(data);

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Mike Kamermans Pomax merged commit 5d656cc into from
Mike Kamermans Pomax deleted the branch
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Commits on Mar 6, 2014
  1. Mike Kamermans
Commits on Mar 7, 2014
  1. Mike Kamermans

    pr

    Pomax authored
This page is out of date. Refresh to see the latest.
1  locale/en_US/thimble.webmaker.org.json
View
@@ -1,6 +1,7 @@
{
"An error occurred": "An error occurred",
"Are you sure you want to publish your page?": "Are you sure you want to publish your page?",
+ "auto-run JS": "auto-run JavaScript",
"Cancel": "Cancel",
"Change text size": "Change text size",
"change the text in the title": "(you will have to change the text in the <title> element on your page)",
11 public/friendlycode/css/editor.less
View
@@ -531,3 +531,14 @@ div.editor-actions {
height: 100%;
overflow: auto;
}
+
+.preview-pane-nav-options fieldset {
+ display: inline-block;
+ border: none;
+ margin: 0;
+ padding: 0;
+}
+
+.preview-pane-nav-options fieldset {
+ font-size: 80%;
+}
4 public/friendlycode/js/fc/ui/live-preview.js
View
@@ -54,6 +54,9 @@ define(["jquery", "backbone-events", "./mark-tracker"], function($, BackboneEven
// add the preview iframe to the editor on the first
// attempt to parse the Code Mirror text.
if(!iframe.contentWindow) {
+ document.querySelector(".reload-button").onclick = function() {
+ codeMirror.reparse();
+ };
previewArea.append(iframe);
telegraph = iframe.contentWindow;
listenForEvents();
@@ -63,6 +66,7 @@ define(["jquery", "backbone-events", "./mark-tracker"], function($, BackboneEven
// we treat all changes as a full refresh.
var message = JSON.stringify({
type: "overwrite",
+ runjs: document.getElementById('preview-run-js').checked,
sourceCode: event.sourceCode
});
16 public/friendlycode/templates/previewloader.html
View
@@ -116,11 +116,21 @@
* content management object
*/
var content = {
- overwrite: function overwriteIFrame(sourceCode) {
+ overwrite: function overwriteIFrame(data) {
+ var sourceCode = data.sourceCode,
+ runjs = !!data.runjs;
var iframe = document.createElement("iframe");
iframe.style.opacity = 0.0;
document.body.appendChild(iframe);
+ // disable scripts if so instructed. We don't
+ // actually strip them, we just give them a
+ // script type that is non-executing.
+ if(!runjs) {
+ var script = /<script\s*(type=["'][^\/]+\/javascript["'])?>/g;
+ sourceCode = sourceCode.replace(script, "<script type='text/disabled'>");
+ }
+
// set new content
doc = iframe.contentDocument;
doc.open();
@@ -165,7 +175,7 @@
if(!owner) { owner = event.source; }
if ("sourceCode" in data && typeof data.sourceCode === "string") {
- content[data.type](data.sourceCode);
+ content.overwrite(data);
} else {
console.error("preview payload had no associated, valid sourceCode", event.data);
}
@@ -188,4 +198,4 @@
<body>
<iframe></iframe>
</body>
-</html>
+</html>
8 views/friendlycode/templates/nav-options.html
View
@@ -27,7 +27,13 @@
<div class="preview-pane-nav-options">
<!-- previous, save draft, publish -->
<div class="preview-nav-item nav-item">
- <span class="icon">&nbsp;</span>{{ gettext("Preview") }}<div class="pane-indicator enabled"></div>
+ <span class="icon">&nbsp;</span>{{ gettext("Preview") }}
+ <button class="reload-button wm-button wm-button-blue short">{{ gettext("reload") }}</button>
+ <fieldset>
+ <input type="checkbox" id="preview-run-js" checked>
+ <label for="preview-run-js">{{ gettext("auto-run JS") }}</label>
+ </fieldset>
+ <div class="pane-indicator enabled"></div>
</div>
<div class="nav-item buttons">
<a class="page-view-link" href="" target="_blank"><div class="page-view-button wm-button wm-button-blue short">{{ gettext("View") }}</div></a>
Something went wrong with that request. Please try again.