diff options
author | Andrew Dolgov <[email protected]> | 2023-04-11 07:19:49 +0300 |
---|---|---|
committer | Andrew Dolgov <[email protected]> | 2023-04-11 07:19:49 +0300 |
commit | 8ce9ca1d928bda4b2721dfda03dbf2831b12626c (patch) | |
tree | be881bed89d6cb977d4f68aeaa28cd0af9b9728d /lib/epub.js/README.md | |
parent | a72807a9b1c4d6b6688b86abd4b7b71feaea3ca0 (diff) |
bump epubjs to 0.3.93
Diffstat (limited to 'lib/epub.js/README.md')
-rw-r--r-- | lib/epub.js/README.md | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/lib/epub.js/README.md b/lib/epub.js/README.md index aab8a17..1a3d06b 100644 --- a/lib/epub.js/README.md +++ b/lib/epub.js/README.md @@ -88,6 +88,26 @@ Scrolled: `book.renderTo("area", { flow: "scrolled-doc" });` [View example](http://futurepress.github.io/epub.js/examples/scrolled.html) +## Scripted Content + +[Scripted content](https://www.w3.org/TR/epub-33/#sec-scripted-content), JavasScript the ePub HTML content, is disabled by default due to the potential for executing malicious content. + +This is done by sandboxing the iframe the content is rendered into, though it is still recommended to sanitize the ePub content server-side as well. + +If a trusted ePub contains interactivity, it can be enabled by passing `allowScriptedContent: true` to the `Rendition` settings. + +```html +<script> + var rendition = book.renderTo("area", { + width: 600, + height: 400, + allowScriptedContent: true + }); +</script> +``` + +This will allow the sandboxed content to run scripts, but currently makes the sandbox insecure. + ## Documentation API documentation is available at [epubjs.org/documentation/0.3/](http://epubjs.org/documentation/0.3/) |