On Dec 21, 2004, at 6:20 AM, Muke Tever wrote:
> Now, you help me. :p It used to be that a few wiktionaries edited
> [[MediaWiki:Copyrightwarning]] to allow users to click and insert
> necessary special characters... but it seems it is no longer possible
> to insert the script (/style/wikibits.js) to allow this. Is there a
> workaround, or a better way to do it now, or will it just have to
> revert to a copy-and-paste plain-text list?
Arbitrary HTML and JavaScript in the MediaWiki: messages is dangerous,
and is something that's being phased out. There are a couple reasons
for this.
The first is security: on our larger sites we have literally
*hundreds* of sysops with permissions to edit these messages. With
those numbers, it's hard to assign sufficient 'trust'; even if we
believe every one of them to be upstanding, well-meaning individuals
the likelihood of a compromised account increases with every new
sysop. If a broken-into (or malicious) sysop account can be used to
add arbitrary HTML or JavaScript code, it could be used to exploit
security vulnerabilities in web browsers or more simply attack and
subvert the wiki accounts of other users. Such an attack might be
found and reverted immediately, or it might attack dozens or hundreds
-- or thousands -- of visitors before being stopped.
The second is robustness: accidentally or maliciously placed invalid
HTML could break the site. As the web moves towards more XML (which is
very strict about proper markup syntax) it can become difficult to
recover from such a breakage without manual intervention.
There's still a lot of places with raw HTML in messages, so it's an
ongoing process. Text fragments are being moved to either plaintext or
wikitext, depending on their use and purpose. (Paragraph-level blocks
such as the copyright warning are generally wikitext.)
It would probably be worthwhile to write up the special character
inserter as a MediaWiki extension -- then it could be inserted into
the wikitext message in a safe, secure way.
-- brion vibber (brion @ pobox.com)
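
Added example, not part of the original thread and not MediaWiki code: a sketch of the data-only approach the reply above suggests, where the sysop-editable message holds only a list of characters and trusted code generates all markup. Every function name, class name and sample message is an assumption constructed for illustration.

```javascript
// Added example; all identifiers are hypothetical, not MediaWiki APIs.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Escape text for HTML element content or a double-quoted attribute value.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Old model: the editable message is emitted as raw HTML, so any markup a
// compromised sysop account puts in it becomes part of every edit page.
function renderRawMessage(message) {
  return `<div class="copyright-warning">${message}</div>`;
}

// Data-only model: the message is a whitespace-separated list of characters.
// Trusted code builds the markup; message content is only ever escaped.
function renderCharInserter(message) {
  const tokens = message.split(/\s+/).filter(Boolean);
  const buttons = tokens.map((tok) => {
    const safe = escapeHtml(tok);
    return `<button type="button" class="charinsert" data-insert="${safe}">${safe}</button>`;
  });
  return `<div class="charinsert-bar">${buttons.join("")}</div>`;
}

// Click behaviour ships as static site script, never inside the message.
// Given the edit box text and selection, splice in the chosen character.
function insertAtCursor(value, selStart, selEnd, insertText) {
  return {
    value: value.slice(0, selStart) + insertText + value.slice(selEnd),
    cursor: selStart + insertText.length,
  };
}

// Constructed sample messages (not taken from any wiki).
const benignMessage = "á é ñ ß „ “";
const tamperedMessage = 'á <script>x()</script> " é';

console.log(renderRawMessage(tamperedMessage));   // script tag survives
console.log(renderCharInserter(tamperedMessage)); // script tag is inert text
```
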
Hi Brion,
I have spent more than 5 hours on creating the following, so I hope it
is useful. (See attachment)
Jo