Well spotted Nick! To be honest the fact that mediawiki allows quotes
in usernames caught me by surprise. Well few extra htmlspecialchars
fixed that. I've also fixed HTML so now it validates by the W3C
validator.
Best regards
Roman
On 22/01/07, Nick Jenkins <nickpj(a)gmail.com> wrote:
Hello
everyone
Back in the summer I did a small demo
http://217.147.83.36:9000/history::171=170 that allowed tracking
contributions. It was quite slow and UTF-8 incompatible.
So I'm pleased to announce that after some optimization and rewriting
it in C I've managed to implement UTF-8 support and substantially
increase performance. At the moment it is several times faster than
current wikidiff2 extension (C++ version) and has peak throughput of
around 3 mb/s.
You can take a look at live demo.
Sample blamemap:
http://217.147.83.36:9001/wiki/Freebsd?trackchanges=blamemap&oldid=1524
Can track even a single character change:
http://217.147.83.36:9001/wiki/Freebsd?trackchanges=diff1&oldid=1516
Handles text swap:
http://217.147.83.36:9001/wiki/Freebsd?trackchanges=diff2&oldid=1513
I've plugged it into mediawiki code so at the moment every article and
talk page is having credits section and corresponding blamemap. At the
moment in order to use this you'll have to have root access to the
server and some changes to the mainline code and database will be
needed. If you're interested in testing this extension drop me a line.
Best regards
Roman
The blamemap looks good!
One thing is that there's an XSS attack vector, by creating usernames with quotes and
JavaScript event property names. There's a
Proof-of-Concept of this here - move your cursor over the "MOVE MOUSE CURSOR OVER
THIS" second paragraph in the blamemap view:
http://217.147.83.36:9001/wiki/Freebsd?trackchanges=blamemap&colors=sta…
One other very very minor thing is that there's a small amount of HTML that the W3C
validator does not like when using the blamemap
view:
http://validator.w3.org/check?uri=http%3A%2F%2F217.147.83.36%3A9001%2Fwiki%…
All the best,
Nick.