Skin.allowMacro()

Limits the range of allowed macros to be rendered in a skin to an explicit set.

This is useful e.g. when text entered by non-trusted users is interpreted as skins to provide macro functions on a user-level.

Syntax
allowMacro(macronameString)

Example
Two macro functions defined in a JavaScript file:
function isAllowed_macro() {
  return("Hello");
}

function isForbidden_macro() {
  return("World");
}

The action that enables one of the macros:
var str = "<% root.isAllowed %>, <% root.isForbidden %>!";
var skin = new Skin(str);
// as soon as we call allowMacro() on a skin, only those
// macros explicitely set are allowed to be evaluated.
// all others will result in an error msg.
skin.allowMacro("root.isAllowed");
renderSkin(skin);

Hello, [Macro root.isForbidden not allowed in sandbox]!

... comment

Page last modified on 2001-10-31 16:06 by tobi