How can I prevent this conversion so ampersands (and presumably other special characters) are preserved?
Followup up my own question: StripState is not relevant here. It's the fact that it's a parser tag extension. Simply returning "&" in the callback will produce "&". Is there a way to suppress this conversion when returning "&" from a parser tag extension?
DanB
On 29/06/12 21:42, Daniel Barrett wrote:
How can I prevent this conversion so ampersands (and presumably other special characters) are preserved?
Followup up my own question: StripState is not relevant here. It's the fact that it's a parser tag extension. Simply returning "&" in the callback will produce "&". Is there a way to suppress this conversion when returning "&" from a parser tag extension?
DanB
Why do you want a plain & ? Seems like you want invalid html...
On 29/06/12 21:42, Daniel Barrett wrote:
How can I prevent this conversion so ampersands (and presumably other special characters) are preserved?
Followup up my own question: StripState is not relevant here. It's the fact that it's a parser tag extension. Simply returning "&" in the callback will produce "&". Is there a way to suppress this conversion when returning "&" from a parser tag extension?
DanB
Platonides wrote:
Why do you want a plain & ? Seems like you want invalid html...
Because the output may contain JavaScript and it's converting "if (a&&b)" to "if (a&&b)".
The extension is a tag "<javascript>" that adds arbitrary javascript, supplied by the user, to the wiki page. Security is not an issue because this is a completely internal wiki.
Is there a better way to implement a <javascript> parser tag extension so the HTML-conversion issue doesn't happen?
DanB
On Mon, Jul 2, 2012 at 8:02 AM, Daniel Barrett danb@vistaprint.com wrote:
Because the output may contain JavaScript and it's converting "if (a&&b)" to "if (a&&b)".
The extension is a tag "<javascript>" that adds arbitrary javascript, supplied by the user, to the wiki page. Security is not an issue because this is a completely internal wiki.
Is there a better way to implement a <javascript> parser tag extension so the HTML-conversion issue doesn't happen?
This may be a bit of an uphill battle for you, since typically people do *not* want to allow javascript to be able to be inserted! I'm not entirely sure how many patches you would need to make to get javascript in a page to be rendered, but I think you've only hit the first of at least a few.
One slightly easier way that you may be able to get this working would be to write the javascript in a separate page, and then inside your your parser extension, have it write out: <script>importScript('title_of_script_page');</script>. That will cut down on the number of characters you need to get unchanged onto the page.
That being said, I would say there is almost never a case when security is not an issue. By doing this, you are pretty much allowing every user to become an admin with some simple privileged escalation javascript... so you may want to instead make them all admins and let them edit Common.js as needed.
On 2 July 2012 16:02, Daniel Barrett danb@vistaprint.com wrote:
On 29/06/12 21:42, Daniel Barrett wrote:
How can I prevent this conversion so ampersands (and presumably other special characters) are preserved?
Followup up my own question: StripState is not relevant here. It's the fact that it's a parser tag extension. Simply returning "&" in the callback will produce "&". Is there a way to suppress this conversion when returning "&" from a parser tag extension?
DanB
Platonides wrote:
Why do you want a plain & ? Seems like you want invalid html...
Because the output may contain JavaScript and it's converting "if (a&&b)" to "if (a&&b)".
The extension is a tag "<javascript>" that adds arbitrary javascript, supplied by the user, to the wiki page. Security is not an issue because this is a completely internal wiki.
Is there a better way to implement a <javascript> parser tag extension so the HTML-conversion issue doesn't happen?
DanB
Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
I don't know, but vanilla MediaWiki has the same problem: "&" inside <html> tags (when they are allowed by $wgRawHtml=true) gets converted to "&" which can break javascript. https://bugzilla.wikimedia.org/show_bug.cgi?id=10407
Pete / the wub
wikitech-l@lists.wikimedia.org