[Wiktionary-l] Doing things we used to be able to do, in the new upgrade
Jo
cookfire at softhome.net
Thu Dec 23 01:10:47 UTC 2004
Brion Vibber wrote:
> On Dec 21, 2004, at 6:20 AM, Muke Tever wrote:
>
>> Now, you help me. :p It used to be that a few wiktionaries edited
>> [[MediaWiki:Copyrightwarning]] to allow users to click and insert
>> necessary special characters... but it seems it is no longer possible
>> to insert the script (/style/wikibits.js) to allow this. Is there a
>> workaround, or a better way to do it now, or will it just have to
>> revert to a copy-and-paste plain-text list?
>
>
> Arbitrary HTML and JavaScript in the MediaWiki: messages is dangerous,
> and is something that's being phased out. There are a couple reasons
> for this.
>
> The first is security: on our larger sites we have literally
> *hundreds* of sysops with permissions to edit these messages. With
> those numbers, it's hard to assign sufficient 'trust'; even if we
> believe every one of them to be upstanding, well-meaning individuals
> the likelihood of a compromised account increases with every new
> sysop. If a broken-into (or malicious) sysop account can be used to
> add arbitrary HTML or JavaScript code, it could be used to exploit
> security vulnerabilities in web browsers or more simply attack and
> subvert the wiki accounts of other users. Such an attack might be
> found and reverted immediately, or it might attack dozens or hundreds
> -- or thousands -- of visitors before being stopped.
>
> The second is robustness: accidentally or maliciously placed invalid
> HTML could break the site. As the web moves towards more XML (which is
> very strict about proper markup syntax) it can become difficult to
> recover from such a breakage without manual intervention.
>
> There's still a lot of places with raw HTML in messages, so it's an
> ongoing process. Text fragments are being moved to either plaintext or
> wikitext, depending on their use and purpose. (Paragraph-level blocks
> such as the copyright warning are generally wikitext.)
>
> It would probably be worthwhile to write up the special character
> inserter as a MediaWiki extension -- then it could be inserted into
> the wikitext message in a safe, secure way.
>
> -- brion vibber (brion @ pobox.com)
Hi Brion,
I have spent more than 5 hours on creating the following, so I hope it
is useful. (See attachment)
Jo
More information about the Wiktionary-l
mailing list