On Tue, Jul 30, 2002 at 02:38:07AM -0800, Brion VIBBER wrote:
Jan.Hidders wrote:
Are the <nowiki> tags still needed in the
script? I'm asking this because
1. I'm having trouble getting them into the formal syntax
Of course they're still needed! How else are we supposed to include wiki
markup as text in a wikipage that's not overly burdenson? (ie, using
numeric character entities instead of special wiki symbols.)
So we only need them for the FAQs? :-) But I see your point.
2. They are a
bit of a security risc because the allow users to get things
like javascript on a page.
If that's the case, that's a serious bug. <nowiki> should mean no
*wiki*
markup interpretation, not no *HTML* safeguarding.
Yup, I tried it on my Sandbox, look at the bottom:
http://www.wikipedia.com/wiki/User:Jan_Hidders/Sandbox
At the moment I don't understand Lee's code enough to say if there is any
HTML safeguarding going on in the <nowiki> parts, but as far as I can tell
there isn't.
But this can be remedied fairly easy, just replace all the <'s and >'s with
their corresponding entities in the <nowiki> parts. That's even correct in
some sense because we consider HTML as part of the wiki markup. :-/
Lee, should I make a bug report of this?
-- Jan Hidders