Extension:Anysite

From MediaWiki.org

Jump to: navigation, search
Manual on MediaWiki Extensions
List of MediaWiki Extensions
Anysite

Release status: experimental
Implementation Tag
Description Allows safely embedding a website without touching HTML settings.
Author(s) User:Gabeyg
Version 1.1 (2007-05-08)
MediaWiki 1.7 and later
Download In the article
Parameters see code
Example Preparing..
WARNING: the code or configuration described here poses a major security risk.

Problem: Vulnerable to Cross-site scripting attacks, because it passes user input directly to the browser. This may lead to user accounts being hijacked, among other things.
Solution: strictly validate user input and/or apply escaping to all characters that have a special meaning in HTML
Signed: Duesentrieb 10:41, 7 May 2007 (UTC)

Anysite extension embeds a website in a wiki page without touching HTML settings.

Contents

[edit] Better Option

See SecureHTML extension for a better solution.

[edit] Code

First, you have to make file called 'anywebsite.php' containing the following code, and place it in your extensions folder.

<?php
 # Minseong Extension
 # 
 # Tag :
 #   <anyweb>website</anyweb>
 # Ex :
 #   from url http://aurora1.sourceforge.net
 #   <anyweb>http://aurora1.sourceforge.net</anyweb>
 # 
 # Enjoy !
 $wgExtensionFunctions[] = 'wfanyweb';
 $wgExtensionCredits['parserhook'][] = array(
        'name' => 'anysite extension',
        'description' => 'Display sites',
        'author' => 'Minseong Kim',
        'url' => 'http://gabeyg.myi.cc/'
 );
 function wfanyweb() {
         global $wgParser;
         $wgParser->setHook('anyweb', 'renderanyweb');
 }
 # The callback function for converting the input text to HTML output
 function renderanyweb($input) {
         $width = 800;
         $height = 500;        
         $output= '<iframe name="anyweb" src="'.htmlspecialchars($input)
              .'" width="'.$width.'" height="'.$height.'" frameborder="0">'.'</iframe>';                  
         return $output;
 }

[edit] Installation

First create and upload 'anywebsite.php' to the extension folder

Then add this code to LocalSettings.php

include("extensions/anywebsite.php");

After installation, to embed a website, use

<anyweb>website</anyweb>

[edit] Usage

You can use this extension to show video from other website without uploading to your site (for multimedia visual reference especially).

[edit] See also

[edit] External links

Retrieved from "http://www.mediawiki.org/wiki/Extension:Anysite"
Personal tools