-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
=James Birkholz= wrote: | It might be nice to be able to allow raw HTML on protected pages....
This idea has been kicked around before. Here are just a couple of the potential pitfalls which have prevented it so far:
* Page protection is used for other purposes, and does not necessarily mean that the current content is trusted or approved. If an admin protects a page to stop fighting or vandalism and doesn't notice the <html> trap left on it by a malicious user, *BOOM*
(A related example is the protected log pages in 1.3.x, where text submitted by non-admin users will be rendered as wiki text in a protected page context.)
* Protected pages may use non-protected templates. If the non-protected template gets an <html> bit added to it, *BOOM*
- -- brion vibber (brion @ pobox.com)