diff --git a/5.2curlcommands.md b/5.2curlcommands.md
index 6a83347..405e17a 100644
--- a/5.2curlcommands.md
+++ b/5.2curlcommands.md
@@ -50,6 +50,31 @@ curl -X POST -H 'Content-type: application/json' http://localhost:8080/api/admin
}'
```
+> Rich HTML Previewer - Potential Issues if used with malicious content
+
+```bash
+curl -X POST -H 'Content-type: application/json' http://localhost:8080/api/admin/externalTools -d \
+'{
+ "displayName":"Rich HTML Previewer",
+ "description":"View the html file and run potentially malicious JavaScript. Useful for interactive HTML files that use e.g. Plotly",
+ "toolName":"richHtmlPreviewer",
+ "scope":"file",
+ "types":["preview"],
+ "toolUrl":"https://gdcc.github.io/dataverse-previewers/previewers/betatest/RichHtmlPreview.html",
+ "toolParameters": {
+ "queryParameters":[
+ {"fileid":"{fileId}"},
+ {"siteUrl":"{siteUrl}"},
+ {"key":"{apiToken}"},
+ {"datasetid":"{datasetId}"},
+ {"datasetversion":"{datasetVersion}"},
+ {"locale":"{localeCode}"}
+ ]
+ },
+ "contentType":"text/html"
+}'
+```
+
```bash
curl -X POST -H 'Content-type: application/json' http://localhost:8080/api/admin/externalTools -d \
'{
diff --git a/previewers/betatest/RichHtmlPreview.html b/previewers/betatest/RichHtmlPreview.html
new file mode 100644
index 0000000..c9748ad
--- /dev/null
+++ b/previewers/betatest/RichHtmlPreview.html
@@ -0,0 +1,39 @@
+
+
+
+ Html Preview
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Insecure Html Preview
+
+
+
+
diff --git a/previewers/betatest/i18n/en.json b/previewers/betatest/i18n/en.json
index 6656113..8bd1ae3 100644
--- a/previewers/betatest/i18n/en.json
+++ b/previewers/betatest/i18n/en.json
@@ -8,6 +8,7 @@
"audioPreviewText": "Audio Preview",
"csvPreviewText": "Csv Preview",
"htmlPreviewText": "Html Preview",
+ "richHtmlPreviewText": "This data file includes JavaScript which may need to run for the data to display properly.\n\nYou can click the OK to allow the JavaScript to run, but be sure you trust this datafile as a malicious JavaScript could harm your computer (with the same concerns as if you went to a malicious website outside of Dataverse).\n\nIf you wish to not run the complete page, click Abort to be redirected to Dataverse.",
"annotationsText": "Annotations",
"imagePreviewText": "Image Preview",
"mapPreviewText": "Map Preview",
diff --git a/previewers/betatest/js/richhtml.js b/previewers/betatest/js/richhtml.js
new file mode 100644
index 0000000..f4d164d
--- /dev/null
+++ b/previewers/betatest/js/richhtml.js
@@ -0,0 +1,63 @@
+$(document).ready(function () {
+
+ const MESSAGE = $.i18n("richHtmlPreviewText")
+ userConfirms = confirm(MESSAGE)
+
+ if (userConfirms) {
+ // Preview the HTML file
+ startPreview(true);
+ } else {
+ // Redirect to the file page
+ queryParams = new URLSearchParams(window.location.search.substring(1));
+ var siteUrl = queryParams.get("siteUrl");
+ var fileID = queryParams.get("fileid");
+ var versionUrl = siteUrl + "/api/datasets/"
+ + queryParams.get("datasetid") + "/versions/"
+ + queryParams.get("datasetversion");
+
+ fetchMetaAndRedirect(versionUrl, fileID, siteUrl);
+ }
+});
+
+function fetchMetaAndRedirect(versionURL, fileID, siteUrl) {
+ $.ajax({
+ type: 'GET',
+ dataType: "json",
+ crosssite: true,
+ url: versionURL,
+ success: function (data, status) {
+ console.log(data);
+ redirectToFilePage(data, siteUrl, fileID);
+ },
+ error: function (request, status, error) {
+ alert("Could not find persistent ID for file. Redirecting to the Dataverse page.")
+ window.location.replace(siteUrl);
+ }
+ });
+}
+
+function redirectToFilePage(data, siteUrl, fileID) {
+ // Search for the file ID in the JSON
+ const files = data.data.files
+ const persistentFile = files.find(file => file.dataFile.id == fileID)
+ const persistentFileId = persistentFile.dataFile.persistentId
+ const fileVersion = persistentFile.version
+
+ // Redirect to the file page
+ const fileUrl = siteUrl + "/file.xhtml?persistentId=" + persistentFileId + "&version=" + fileVersion
+ window.location.replace(fileUrl);
+}
+
+function translateBaseHtmlPage() {
+ var htmlPreviewText = $.i18n("htmlPreviewText");
+ $('.htmlPreviewText').text(htmlPreviewText);
+}
+
+function writeContentAndData(data, fileUrl, file, title, authors) {
+ addStandardPreviewHeader(file, title, authors);
+ options = {
+ "stripIgnoreTag": true,
+ }; // Custom rules
+
+ $('.preview').append($("").html(data));
+}