Active-CSS / active-css

The epic event-driven browser language for UI with functionality in one-liner CSS. Over 100 incredible CSS commands for DOM manipulation, ajax, reactive variables, single-page application routing, and lots more. Could CSS be the JavaScript framework of the future?
https://activecss.org
Other
43 stars 7 forks source link

Investigate why regular scripts are not loading when inside ajax HTML #352

Open bob2517 opened 7 months ago

bob2517 commented 7 months ago

Per title. Investigate and find a solution. May need an "allow-scripts" security restriction on the ajax command to get this to work keeping security considerations in mind.

bob2517 commented 7 months ago

May have a quick solution for this. It's not so much to do with the loading of the ajax, and more to do with the rendering method. From looking at the code with no testing at all, it looks like render-after-end, and its related functions, would work. I'm running a test now with an amended render command.

bob2517 commented 7 months ago

My test didn't work - it looks like browsers (or at least Firefox) do not allow insertAdjacentHTML to add script tags to the page, despite it being allowed in the spec, so the spec is a bit out of date it seems or whatever is going on. There is an open issue written in November suggesting adding an option to insertAdjacentHTML to allow it but it hasn't been replied to yet: https://github.com/w3c/DOM-Parsing/issues/76

I'm seeing if there is any other solution that is sensible.

bob2517 commented 7 months ago

I've got a potential solution regarding running the script tags after the whole html string has been rendered. So it's not the same as rendering nodes in sequence as you would if you were loading the page, but it will handle the script tag being in the right place in the DOM and the freshly inserted script tags will run after everything has rendered. With that caveat I'm going to add it into the core. I'll see if there is anything security-wise that can be done, like adding an "allow-scripts" option to the render command itself. It's not necessarily a simple solution, but will try and get it done today and onto the branch.

bob2517 commented 7 months ago

This is now on the branch, with a new option of "allow-scripts" for the render command, and the render-after-end, etc. commands.

Example syntax: render: "{$STRING}" allow-scripts;

HTML inside components probably don't allow script tags because of the reasons mentioned above, so would need a use case to warrant adding that in.