bump epubjs to 0.3.93

author: Andrew Dolgov <[email protected]> 2023-04-11 07:19:49 +0300
committer: Andrew Dolgov <[email protected]> 2023-04-11 07:19:49 +0300
commit: 8ce9ca1d928bda4b2721dfda03dbf2831b12626c (patch)
tree: be881bed89d6cb977d4f68aeaa28cd0af9b9728d /lib/epub.js/README.md
parent: a72807a9b1c4d6b6688b86abd4b7b71feaea3ca0 (diff)
1 files changed, 20 insertions, 0 deletions
diff --git a/lib/epub.js/README.md b/lib/epub.js/README.md
index aab8a17..1a3d06b 100644
--- a/lib/epub.js/README.md
+++ b/lib/epub.js/README.md
@@ -88,6 +88,26 @@ Scrolled: `book.renderTo("area", { flow: "scrolled-doc" });`
 
 [View example](http://futurepress.github.io/epub.js/examples/scrolled.html)
 
+## Scripted Content
+
+[Scripted content](https://www.w3.org/TR/epub-33/#sec-scripted-content), JavasScript the ePub HTML content, is disabled by default due to the potential for executing malicious content. 
+
+This is done by sandboxing the iframe the content is rendered into, though it is still recommended to sanitize the ePub content server-side as well.
+
+If a trusted ePub contains interactivity, it can be enabled by passing `allowScriptedContent: true` to the `Rendition` settings.
+
+```html
+<script>
+  var rendition = book.renderTo("area", {
+    width: 600,
+    height: 400,
+    allowScriptedContent: true
+  });
+</script>
+```
+
+This will allow the sandboxed content to run scripts, but currently makes the sandbox insecure.
+
 ## Documentation
 
 API documentation is available at [epubjs.org/documentation/0.3/](http://epubjs.org/documentation/0.3/)
author	Andrew Dolgov <[email protected]>	2023-04-11 07:19:49 +0300
committer	Andrew Dolgov <[email protected]>	2023-04-11 07:19:49 +0300
commit	8ce9ca1d928bda4b2721dfda03dbf2831b12626c (patch)
tree	be881bed89d6cb977d4f68aeaa28cd0af9b9728d /lib/epub.js/README.md
parent	a72807a9b1c4d6b6688b86abd4b7b71feaea3ca0 (diff)