/*
 * On-Wiki calculator script. See .
 * Created by
 *
 * This script is designed with security in mind. Possible security risks:
 * * Having a formula that executes JS
 * ** To prevent this we do not use eval. Instead we parse the formula with our own parser into an abstract tree that we evaluate by walking through it
 * ** Form submission & DOM clobbering - we prefix the name (and id) attribute of all fields to prevent conflicts
 * ** Style injection - we take the style attribute from an existing element that was sanitized by MW. We do not take style from a data attribute.
 * ** Client-side DoS - Formulas aren't evaluated without user interaction. Formulas have a max length. Max number of widgets per page. Ultimately, easy to revert slow formulas just like any other vandalism.
 *
 * Essentially the code works by replacing certain tags with , parsing a custom formula language, setting up a dependency graph based on identifiers, and re-evaluating formulas on change.
 */
(function);
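The "no eval" design described in the header comment, as an added example that is not the gadget's own code: a formula is tokenized, parsed into a tree and evaluated by walking that tree, so untrusted text is never executed as JavaScript. The grammar (numbers, identifiers, `+ - * /`, parentheses), the 200-character limit and all function names are assumptions made for illustration.

```javascript
// Added example; grammar, limit and names are assumptions, not the gadget's own.
const MAX_FORMULA_LENGTH = 200;
const TOKEN = /\s*(?:(\d+(?:\.\d+)?)|([A-Za-z_]\w*)|([-+*/()]))/y;
const OPS = { '+': (a, b) => a + b, '-': (a, b) => a - b, '*': (a, b) => a * b, '/': (a, b) => a / b };
function tokenize(src) {
  // Bound the work before parsing anything (client-side DoS limit).
  if (src.length > MAX_FORMULA_LENGTH) throw new RangeError('formula too long');
  const text = src.trimEnd(), tokens = [];
  TOKEN.lastIndex = 0;
  while (TOKEN.lastIndex < text.length) {
    const m = TOKEN.exec(text); // sticky flag: must match exactly at lastIndex
    if (!m) throw new SyntaxError('unexpected character');
    tokens.push(m[1] !== undefined ? { type: 'num', value: Number(m[1]) }
      : m[2] !== undefined ? { type: 'id', name: m[2] } : { type: 'op', value: m[3] });
  }
  return tokens;
}
function parse(src) {
  const tokens = tokenize(src);
  let pos = 0;
  const peekOp = (ops) => tokens[pos] && tokens[pos].type === 'op' && ops.includes(tokens[pos].value);
  const binary = (next, ops) => { // left-associative chain at one precedence level
    let node = next();
    while (peekOp(ops)) node = { type: 'bin', op: tokens[pos++].value, left: node, right: next() };
    return node;
  };
  const expr = () => binary(term, '+-');
  const term = () => binary(unary, '*/');
  function unary() {
    if (peekOp('-')) { pos++; return { type: 'neg', arg: unary() }; }
    const t = tokens[pos++];
    if (!t) throw new SyntaxError('unexpected end of formula');
    if (t.type !== 'op') return t; // number or identifier leaf
    if (t.value !== '(') throw new SyntaxError('unexpected ' + t.value);
    const inner = expr();
    if (!peekOp(')')) throw new SyntaxError('missing )');
    pos++; return inner;
  }
  const ast = expr();
  if (pos < tokens.length) throw new SyntaxError('trailing input'); // e.g. "alert(1)"
  return ast;
}
function evaluate(node, vars) { // vars is a Map, so names like "constructor" never resolve
  if (node.type === 'num') return node.value;
  if (node.type === 'neg') return -evaluate(node.arg, vars);
  if (node.type === 'bin') return OPS[node.op](evaluate(node.left, vars), evaluate(node.right, vars));
  if (!vars.has(node.name)) throw new ReferenceError('unknown field ' + node.name);
  return vars.get(node.name);
}
const calculate = (src, vars) => evaluate(parse(src), vars);
```

Because the grammar has no call or member-access syntax, input such as `alert(1)` or `a.b` fails in the parser rather than reaching any evaluation step.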