On 05/19/2014 04:54 PM, Gabriel Wicke wrote:
The move to HTML-based (self-contained) transclusions
expansions will avoid
this issue completely. That's a few months out though. Maybe we can find a
stop-gap solution that moves in that direction, without introducing special
tags in expandtemplates that we'll have to support for a long time.
Here's a proposal:
* Introduce a <domparse> extension tag that causes its content to be parsed
all the way to a self-contained DOM structure. Example:
<domparse>{{T}}</domparse>
* Emit this tag for HTML page transclusions. Avoids the security issue as
there's no way to inject verbatim HTML. Works with Parsoid out of the box.
* Use <domparse> to support parsing unbalanced templates by inserting it
into wikitext:
<domparse>
{{table-start}}
{{table-row}}
{{table-end}}
</domparse>
* Build a solid HTML-only expansion API end point, and start using that for
all transclusions that are not wrapped in <domparse>
* Stop wrapping non-wikitext transclusions into <domparse> in
action=expandtemplates once those can be directly expanded to a
self-contained DOM.
Gabriel