hi,
is there a possibility to include a <style> tag so it does not get "reformatted"? or have something like a "rawhtml" tag, where the contents does not get touched?
use case: format tables via a {{mytabletemplate}}, and define styles for <table>, <tr>, <td> to avoid repeating them all the time.
-solo.
with the following extension it works:
$wgExtensionFunctions[] = "wfRawHtmlExtension";
function wfRawHtmlExtension() { global $wgParser; $wgParser->setHook( "rawhtml", "renderRawHtml" ); }
function renderRawHtml( $input ) { return $input; }
to prevent any editing you have to write: <rawhtml> <style> <nowiki> ... here go your styles ... </nowiki> </style> </rawhtml>
-solo.
On 5/11/05, solo turn soloturn@gmail.com wrote:
hi,
is there a possibility to include a <style> tag so it does not get "reformatted"? or have something like a "rawhtml" tag, where the contents does not get touched?
use case: format tables via a {{mytabletemplate}}, and define styles for
<table>, <tr>, <td> to avoid repeating them all the time.
-solo.
solo turn wrote:
with the following extension it works:
$wgExtensionFunctions[] = "wfRawHtmlExtension";
Why would you add this when a raw HTML tag is built in to the wiki and can be optionally enabled? See DefaultSettings.php.
Note that raw HTML sections are *very dangerous* on a publically editable wiki.
-- brion vibber (brion @ pobox.com)
Umm, I just made a <includeraw> extension - since I had no idea that this existed.... In mine, I only allow the tag for protected pages?
Perhaps that is a better option.
G.
-----Original Message----- From: mediawiki-l-bounces@Wikimedia.org [mailto:mediawiki-l-bounces@Wikimedia.org] On Behalf Of Brion Vibber Sent: May 11, 2005 4:44 PM To: MediaWiki announcements and site admin list Subject: Re: [Mediawiki-l] Re: <style> tag in template
solo turn wrote:
with the following extension it works:
$wgExtensionFunctions[] = "wfRawHtmlExtension";
Why would you add this when a raw HTML tag is built in to the wiki and can be optionally enabled? See DefaultSettings.php.
Note that raw HTML sections are *very dangerous* on a publically editable wiki.
-- brion vibber (brion @ pobox.com)
do you know a good example which shows this "VERY dangerous"? dangerous for whom? if somebody adds a javascript function that changes the admin password and hopes an admin would click on it?
we do not need real raw html, just the styles. do you see any danger in having the <style> tag enabled?
-solo
On 5/11/05, Brion Vibber brion@pobox.com wrote:
... a raw HTML tag is built in to the wiki and can be optionally enabled? See DefaultSettings.php.
Note that raw HTML sections are *very dangerous* on a publically editable wiki.
that sounds appealing!
what made me write this was that i did not switch on $wgWhitelistEdit = true; and it did not work even if i was logged in. kind of not logical, don't you think?
-solo.
On 5/12/05, Graeme Canivet gjcanive@uwaterloo.ca wrote:
Umm, I just made a <includeraw> extension - since I had no idea that this existed.... In mine, I only allow the tag for protected pages?
Perhaps that is a better option.
G.
-----Original Message----- From: mediawiki-l-bounces@Wikimedia.org [mailto:mediawiki-l-bounces@Wikimedia.org] On Behalf Of Brion Vibber Sent: May 11, 2005 4:44 PM To: MediaWiki announcements and site admin list Subject: Re: [Mediawiki-l] Re: <style> tag in template
solo turn wrote:
with the following extension it works:
$wgExtensionFunctions[] = "wfRawHtmlExtension";
Why would you add this when a raw HTML tag is built in to the wiki and can be optionally enabled? See DefaultSettings.php.
Note that raw HTML sections are *very dangerous* on a publically editable wiki.
-- brion vibber (brion @ pobox.com)
MediaWiki-l mailing list MediaWiki-l@Wikimedia.org http://mail.wikipedia.org/mailman/listinfo/mediawiki-l
solo turn wrote:
do you know a good example which shows this "VERY dangerous"? dangerous for whom? if somebody adds a javascript function that changes the admin password and hopes an admin would click on it?
That's one of many possibilities, yes. For background information, google up cross-site scripting attacks as well as general browser vulnerabilities (including among other things ActiveX malware and various image decoder and other buffer overflows which could be exploited on unpatched browsers by HTML injection).
Hijacking trusted site permissions to install malware on the client machine, hijacking sessions to gain admin privileges on the wiki, installing password sniffers, etc. (Remember that many people use the same password on many sites.)
we do not need real raw html, just the styles. do you see any danger in having the <style> tag enabled?
Internet Explorer executes JavaScript expressions and javascript: URLs in CSS styles, so you'd want to be careful about filtering these. We do some checks for that on style attributes in embedded HTML in the wiki.
-- brion vbber (brion @ pobox.com)
mediawiki-l@lists.wikimedia.org