Hi
I'm looking to use vis.js and some other frameworks to display information. I thought a quick way (using what is available) to inject the required javascript in to a page would be the "format string" add-on. Basically, I've set up a non persisted entity that has a "html" (unlimited string). This property is adjusted by microflow(s) to build the required html (or should I say <script> code) to set-up the required JS to interact with the libraries.
Incidentally, as a quick hack I'm using the htmlSnippet add-on to include the libraries on particular pages (there is probably a better way, but I'm just trying to get something working).
Any hoo, the Format String seems to be happy injecting HTML but not "<script>" tag enclosures (XHTML or some other validation/rejection going on?). You just end up with the script code and html placed on the page literally (and before you ask, yes I have set the format string to render as HTML). Works fine provided there isn't a <script> tag in the content. Very frustrating as without getting in to widget development I can't easily see or find a way of dynamically injecting page content?
Any help / support greatly appreciated!
Update 28-4-2015
I've had a browse through the format string project on github and have found the code escaping content with script tags in it.
if (string.indexOf("<script") > -1 || !renderAsHTML) {
string = dom.escapeString(string);
}
So that explains why it is doing it. Not sure why this is there though? Security concerns perhaps. Is there another add-on ./ way I could use (avoiding fork / dev of new widget).