diff options
Diffstat (limited to 'lib/epub.js/README.md')
-rw-r--r-- | lib/epub.js/README.md | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/lib/epub.js/README.md b/lib/epub.js/README.md index aab8a17..1a3d06b 100644 --- a/lib/epub.js/README.md +++ b/lib/epub.js/README.md @@ -88,6 +88,26 @@ Scrolled: `book.renderTo("area", { flow: "scrolled-doc" });` [View example](http://futurepress.github.io/epub.js/examples/scrolled.html) +## Scripted Content + +[Scripted content](https://www.w3.org/TR/epub-33/#sec-scripted-content), JavasScript the ePub HTML content, is disabled by default due to the potential for executing malicious content. + +This is done by sandboxing the iframe the content is rendered into, though it is still recommended to sanitize the ePub content server-side as well. + +If a trusted ePub contains interactivity, it can be enabled by passing `allowScriptedContent: true` to the `Rendition` settings. + +```html +<script> + var rendition = book.renderTo("area", { + width: 600, + height: 400, + allowScriptedContent: true + }); +</script> +``` + +This will allow the sandboxed content to run scripts, but currently makes the sandbox insecure. + ## Documentation API documentation is available at [epubjs.org/documentation/0.3/](http://epubjs.org/documentation/0.3/) |