On 2/27/07, Jim Wilson <wilson.jim.r(a)gmail.com> wrote:
Yeah it's hacky - I can't argue with that - but it's the only way I know of
to deal with all three of the following:

1) HTML comments found in wikitext are stripped (we get around this by using
an extension tag)
2) Whitespaces in extension output are converted to <br> and <p> tags (we
get around this by putting it in an HTML comment)
3) Malicious users could prematurely end the comment by putting "-->" in
the keyword text followed by <script> or any other HTML markup (we avoid
this by base64 encoding all input and only decoding it during the meta
parsing step).

If there's a better way to achieve this, I'm open to suggestions. I've been
using this technique on extensions I've been developing since I haven't yet
found a better way. But seriously, if there /is/ a cleaner way to do this
I'd love to know about it :)

Probably the "cleanest" way to do it would be to create a new database
table for it, akin to categorylinks or other metadata tables, and
query that on page render. Whether in practice that's better than the
hacky solution, I don't know.
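
The base64-in-a-comment technique from the quoted message, as an added example that is not part of the original thread or of any extension's code. The function names, the "MetaKeywords:" marker and the output escaping with htmlspecialchars() are assumptions made for illustration, and the hostile input is constructed.

```php
<?php
// Added example: names and the "MetaKeywords:" marker are hypothetical.

// Tag-render step: hide the user's text in an HTML comment as base64.
// The base64 alphabet (A-Z a-z 0-9 + / =) contains no '-', '<' or '>',
// so the payload can never contain "-->" and close the comment early.
function encodeKeywordPlaceholder(string $userText): string
{
    return '<!-- MetaKeywords:' . base64_encode($userText) . ' -->';
}

// Meta parsing step: find the placeholders in the rendered page, decode
// them, and escape the decoded text before it is placed in an attribute.
// Decoding restores the hostile characters, so escaping here is required.
function extractMetaTags(string $html): array
{
    $tags = [];
    preg_match_all('/<!-- MetaKeywords:([A-Za-z0-9+\/=]*) -->/', $html, $m);
    foreach ($m[1] as $encoded) {
        $decoded = base64_decode($encoded, true); // strict: reject bad input
        if ($decoded === false) {
            continue; // not valid base64, ignore the placeholder
        }
        $tags[] = '<meta name="keywords" content="'
            . htmlspecialchars($decoded, ENT_QUOTES, 'UTF-8') . '">';
    }
    return $tags;
}

// Constructed sample: keyword text that tries to end the comment early.
$hostile = 'cats --><script>alert(1)</script>';
$placeholder = encodeKeywordPlaceholder($hostile);
$page = "<p>Article body</p>\n" . $placeholder;

// The placeholder as it would sit in the page output.
echo $placeholder, "\n";

// Reports whether "-->" occurs exactly once, i.e. only as the terminator.
var_dump(substr_count($placeholder, '-->') === 1);

// The meta tags produced from the decoded, escaped keyword text.
foreach (extractMetaTags($page) as $tag) {
    echo $tag, "\n";
}
```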