Isn't it a very significant security risk to allow users to write arbitrary
javascript that could get shown to every other wiki user who visits the
site? If this is a public wiki we're talking about that allows free
registration, this would be something you simply cannot allow.
Larry Silverman
Chief Technology Officer
TrackAbout, Inc.
On Wed, Sep 3, 2014 at 7:46 AM, Myname To <mailusenet(a)yahoo.de> wrote:
hello, can you please help me with this:
I recently installed mediawiki on Centos6.5 and after following the
instructions for adding HTML and JS to
wikipages:
http://www.mediawiki.org/wiki/Adding_HTML_to_wiki_pages (the page was
last modified on 22 August 2014, at 21:10.)
I can't use no simple javascript with wikimedia ...
First I checked in LocalSettings.php:
$wgUseSiteJs = true;
$wgAllowUserJs = true;
$wgAllowUserCss = true;
My Mediawiki is completely empty so I put Inside
MediaWiki:YourScript.js nothing else than:
var helloWorld = document.getElementById('helloWorldID');
newPageElement.innerHTML = '<script type="text/javascript">
document.write('<b>Hello World</b>');
</script>';
also in MediaWiki:Common.js I have just one single code:
importScript('MediaWiki:YourScript.js');
and for the Template:helloWorld I did only that:
<div id="helloWorldID"></div>
and in MediaWiki:YourScript it stand one word:
{{helloWorld}}
... nothing happens (also after refresh, shift f5 etc.)
_______________________________________________
MediaWiki-l mailing list
To unsubscribe, go to:
https://lists.wikimedia.org/mailman/listinfo/mediawiki-l