On Tue, Jul 30, 2002 at 02:38:07AM -0800, Brion VIBBER wrote:
Jan.Hidders wrote:
Are the <nowiki> tags still needed in the script? I'm asking this because
- I'm having trouble getting them into the formal syntax
Of course they're still needed! How else are we supposed to include wiki markup as text in a wikipage that's not overly burdenson? (ie, using numeric character entities instead of special wiki symbols.)
So we only need them for the FAQs? :-) But I see your point.
- They are a bit of a security risc because the allow users to get things
like javascript on a page.
If that's the case, that's a serious bug. <nowiki> should mean no *wiki* markup interpretation, not no *HTML* safeguarding.
Yup, I tried it on my Sandbox, look at the bottom:
http://www.wikipedia.com/wiki/User:Jan_Hidders/Sandbox
At the moment I don't understand Lee's code enough to say if there is any HTML safeguarding going on in the <nowiki> parts, but as far as I can tell there isn't.
But this can be remedied fairly easy, just replace all the <'s and >'s with their corresponding entities in the <nowiki> parts. That's even correct in some sense because we consider HTML as part of the wiki markup. :-/
Lee, should I make a bug report of this?
-- Jan Hidders