Community Server and JavaScript

As you probably recognized, DotNeteers blogs run on CommunityServer 2008. Unfortunately, JavaScript is globally disabled by default, so we were unable to add a lot of contents to our sites, for example to sidebars.

The reason is, that HTML contents (for example the content of Generic Content Widgets) are passed through the HTML scrubber to remove things like scripts etc. which users could insert into pages and cause harm. Of course, we didn’t want to enable JavaScript globally, for example because the chance of unkind comments or cross-site scripting.

One of the solution is the following: enable IFRAME that you can embed some HTML pages in. Insert your JavaScript into a simple HTML page, save it and upload to the CS. For example, my sample HTML page is so simple:

<html>
<body>
<script type="text/javascript">
<!—Insert your script here -->


</script> </body>


After uploading, embed your HTML page into an IFRAME embedded to a Generic Content Widget:



<iframe src="/your_page_location.html" frameborder="0"> 
</iframe>


That’s it! :)



More info about CS2008 and HTML scrubbing: here.