Well spotted, Nick! To be honest, the fact that MediaWiki allows quotes in usernames caught me by surprise. Well, a few extra htmlspecialchars fixed that. I've also fixed the HTML, so now it validates with the W3C validator.
Best regards, Roman
On 22/01/07, Nick Jenkins <nickpj@gmail.com> wrote:
Hello everyone
Back in the summer I did a small demo http://217.147.83.36:9000/history::171=170 that allowed tracking contributions. It was quite slow and UTF-8 incompatible. So I'm pleased to announce that after some optimization and rewriting it in C I've managed to implement UTF-8 support and substantially increase performance. At the moment it is several times faster than the current wikidiff2 extension (C++ version) and has a peak throughput of around 3 mb/s. You can take a look at the live demo.
Sample blamemap: http://217.147.83.36:9001/wiki/Freebsd?trackchanges=blamemap&oldid=1524
Can track even a single character change: http://217.147.83.36:9001/wiki/Freebsd?trackchanges=diff1&oldid=1516
Handles text swap: http://217.147.83.36:9001/wiki/Freebsd?trackchanges=diff2&oldid=1513
I've plugged it into the MediaWiki code, so at the moment every article and talk page has a credits section and a corresponding blamemap. At the moment, in order to use this you'll have to have root access to the server, and some changes to the mainline code and database will be needed. If you're interested in testing this extension, drop me a line.
Best regards, Roman
The blamemap looks good!
One thing is that there's an XSS attack vector, by creating usernames with quotes and JavaScript event property names. There's a Proof-of-Concept of this here - move your cursor over the "MOVE MOUSE CURSOR OVER THIS" second paragraph in the blamemap view: http://217.147.83.36:9001/wiki/Freebsd?trackchanges=blamemap&colors=stab...
One other very very minor thing is that there's a small amount of HTML that the W3C validator does not like when using the blamemap view: http://validator.w3.org/check?uri=http%3A%2F%2F217.147.83.36%3A9001%2Fwiki%2...
All the best, Nick.
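
The fix described in the reply at the top of this thread (escaping usernames with htmlspecialchars), sketched as an added example that is not the extension's own code. The `title`-attribute markup, the function names and the sample username are assumptions constructed for illustration.

```php
<?php
// Added example. The markup and all names below are hypothetical.

// Before: the username is concatenated straight into an attribute value,
// so a quote in the name ends the attribute early.
function blame_span_unsafe(string $user, string $text): string {
    return '<span class="blame" title="' . $user . '">' . $text . '</span>';
}

// Escape for HTML output. ENT_QUOTES also escapes single quotes, which
// htmlspecialchars() did not do by default before PHP 8.1; ENT_SUBSTITUTE
// replaces invalid UTF-8 instead of returning an empty string.
function h(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// After: every value is escaped at the point where it enters the markup.
function blame_span_safe(string $user, string $text): string {
    return '<span class="blame" title="' . h($user) . '">' . h($text) . '</span>';
}

// Regression check: parse the output and list the attribute names that
// actually ended up on the <span>.
function span_attribute_names(string $html): array {
    libxml_use_internal_errors(true);   // keep parser warnings off the page
    $dom = new DOMDocument();
    $dom->loadHTML($html);
    $names = [];
    foreach ($dom->getElementsByTagName('span')->item(0)->attributes as $attr) {
        $names[] = $attr->name;
    }
    return $names;
}

// Constructed sample: a username with a quote and an event property name.
$user = 'Eve" onmouseover="alert(1)';
$text = 'MOVE MOUSE CURSOR OVER THIS';

echo blame_span_unsafe($user, $text), "\n";
echo implode(',', span_attribute_names(blame_span_unsafe($user, $text))), "\n";

echo blame_span_safe($user, $text), "\n";
echo implode(',', span_attribute_names(blame_span_safe($user, $text))), "\n";
```

In the unescaped output the parser reports an extra `onmouseover` attribute on the span; in the escaped output only `class` and `title` remain and the username is displayed literally.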