Community Server and JavaScript

As you probably recognized, DotNeteers blogs run on CommunityServer 2008. Unfortunately, JavaScript is globally disabled by default, so we were unable to add a lot of contents to our sites, for example to sidebars. The reason is, that HTML contents (for example the content of Generic Content Widgets) are passed through the HTML scrubber to remove things like scripts etc. which users could insert into pages and cause harm. Of course, we didn’t want to enable JavaScript globally, for example because the chance of unkind comments or cross-site scripting. One of the solution is the following: enable IFRAME that you … Continue reading Community Server and JavaScript