On my MediaWiki site I'm about to set
$wgRawHtml = true;
in order to allow YouTube and other embedded content. However, the manual says (http://www.mediawiki.org/wiki/Manual:$wgRawHtml):
Warning: This is very dangerous on a publicly editable site, so you shouldn't enable it unless you've restricted editing to trusted users only
When it says "very dangerous", what does this mean? Does it for example enable an exploit that would let someone hack into the MediaWiki site? Or does it merely allow Javascript that would allow a malicious person to harm a user's computer if they view the page?
(I'm aware I could use an extension such as http://www.mediawiki.org/wiki/Extension:VideoFlash but that would limit me to embedding stuff from just thoase sites it allows.)
Philip Hunt wrote:
When it says "very dangerous", what does this mean? Does it for example enable an exploit that would let someone hack into the MediaWiki site? Or does it merely allow Javascript that would allow a malicious person to harm a user's computer if they view the page?
The major concern is compromise of the MediaWiki account of the user who views the page. The session ID or login token could be stolen, allowing an attacker to act as that user. The attacker could potentially gain sysop access and make a nuisance of themselves on the wiki.
There is no increased risk of server compromise unless you have installed a MediaWiki extension which allows escalation from web access to server access (e.g. a "PHP shell" extension).
Raw HTML increases the risk of password compromise via a phishing-style attack.
Attacks against the viewer's browser are possible; a lockup or crash would be easy for an attacker to produce. If the user has an old browser with known vulnerabilities, a compromise of the user's computer may be possible via scripted heap preparation or similar attacks.
-- Tim Starling
2008/10/24 Tim Starling tstarling@wikimedia.org:
Philip Hunt wrote:
When it says "very dangerous", what does this mean? Does it for example enable an exploit that would let someone hack into the MediaWiki site? Or does it merely allow Javascript that would allow a malicious person to harm a user's computer if they view the page?
The major concern is compromise of the MediaWiki account of the user who views the page. The session ID or login token could be stolen, allowing an attacker to act as that user. The attacker could potentially gain sysop access and make a nuisance of themselves on the wiki.
There is no increased risk of server compromise unless you have installed a MediaWiki extension which allows escalation from web access to server access (e.g. a "PHP shell" extension).
Raw HTML increases the risk of password compromise via a phishing-style attack.
Attacks against the viewer's browser are possible; a lockup or crash would be easy for an attacker to produce. If the user has an old browser with known vulnerabilities, a compromise of the user's computer may be possible via scripted heap preparation or similar attacks.
That's useful informaytion. Do I have your permission to add it to the article http://www.mediawiki.org/wiki/Manual:$wgRawHtml ?
Philip Hunt wrote:
2008/10/24 Tim Starling tstarling@wikimedia.org:
Philip Hunt wrote:
When it says "very dangerous", what does this mean? Does it for example enable an exploit that would let someone hack into the MediaWiki site? Or does it merely allow Javascript that would allow a malicious person to harm a user's computer if they view the page?
The major concern is compromise of the MediaWiki account of the user who views the page. The session ID or login token could be stolen, allowing an attacker to act as that user. The attacker could potentially gain sysop access and make a nuisance of themselves on the wiki.
There is no increased risk of server compromise unless you have installed a MediaWiki extension which allows escalation from web access to server access (e.g. a "PHP shell" extension).
Raw HTML increases the risk of password compromise via a phishing-style attack.
Attacks against the viewer's browser are possible; a lockup or crash would be easy for an attacker to produce. If the user has an old browser with known vulnerabilities, a compromise of the user's computer may be possible via scripted heap preparation or similar attacks.
That's useful informaytion. Do I have your permission to add it to the article http://www.mediawiki.org/wiki/Manual:$wgRawHtml ?
Yes. But expand it and add some links if you can.
-- Tim Starling
mediawiki-l@lists.wikimedia.org