I’m surprised to see a magazine can inject custom JavaScript at all - it seems neat, but also if left unmanaged it could be a disaster waiting to happen (session hijacking, putting ads into feeds, crypto mining, etc.).
I just tried adding alert('Hello world!');
to the JavaScript section of my test magazine and nothing happened, though - which leads me to believe there may be some allowlist of what JavaScript is and isn’t okay.
Is that documented anywhere?
You must log in or register to comment.