I created a monobook.js file to add this capability for myself on en.wiktionary. Basically because I wanted to be able to use various sets of special characters from time to time and didn't want to force them onto people who didn't want them on en.
So you could certainly make such a .js that any interested user can copy to their own .js file. Or maybe there is a per-wiki .js that a sysop can add to. That ought to be a more structured long term solution.
Please feel free to look at http://en.wiktionary.org/wiki/User:Hippietrail/monobook.js - this is my first ever Javascript and I know it's horrible so also feel free to improve it. I've been wanting to add a per-language popup menu for instance. Also with the new upgrade I want the text to appear before the "templates in this article" stuff.
Andrew Dunbar (hippietrail)
On Wed, 22 Dec 2004 08:04:09 +0100, cookfire cookfire@softhome.net wrote:
Brion Vibber wrote:
On Dec 21, 2004, at 6:20 AM, Muke Tever wrote:
Now, you help me. :p It used to be that a few wiktionaries edited [[MediaWiki:Copyrightwarning]] to allow users to click and insert necessary special characters... but it seems it is no longer possible to insert the script (/style/wikibits.js) to allow this. Is there a workaround, or a better way to do it now, or will it just have to revert to a copy-and-paste plain-text list?
Arbitrary HTML and JavaScript in the MediaWiki: messages is dangerous, and is something that's being phased out. There are a couple reasons for this.
The first is security: on our larger sites we have literally *hundreds* of sysops with permissions to edit these messages. With those numbers, it's hard to assign sufficient 'trust'; even if we believe every one of them to be upstanding, well-meaning individuals the likelihood of a compromised account increases with every new sysop. If a broken-into (or malicious) sysop account can be used to add arbitrary HTML or JavaScript code, it could be used to exploit security vulnerabilities in web browsers or more simply attack and subvert the wiki accounts of other users. Such an attack might be found and reverted immediately, or it might attack dozens or hundreds -- or thousands -- of visitors before being stopped.
The second is robustness: accidentally or maliciously placed invalid HTML could break the site. As the web moves towards more XML (which is very strict about proper markup syntax) it can become difficult to recover from such a breakage without manual intervention.
There's still a lot of places with raw HTML in messages, so it's an ongoing process. Text fragments are being moved to either plaintext or wikitext, depending on their use and purpose. (Paragraph-level blocks such as the copyright warning are generally wikitext.)
It would probably be worthwhile to write up the special character inserter as a MediaWiki extension -- then it could be inserted into the wikitext message in a safe, secure way.
-- brion vibber (brion @ pobox.com)
Hi Brion,
I understand the security implications and I must admit I was already somewhat surprised that it was possible to add javascript to these pages. I have been creating a very comprehensive template for allowing to insert all the accented characters I was able to cram out of my Mandrake Linux Unicode keyboard. It wasn't totally ready yet and it was good to be able to develop it in real time. I will forward it to you tonight. I don't know how to create MediaWiki extensions. Is there a place where this is described. I can program a little, so I should be able to do it with just a few pointers.
Polyglot _______________________________________________ Wiktionary-l mailing list Wiktionary-l@Wikipedia.org http://mail.wikipedia.org/mailman/listinfo/wiktionary-l