Extension:Anysite
| This extension stores its source code on a wiki page. Please be aware that this code may be unreviewed or maliciously altered. They may contain security holes, outdated interfaces that are no longer compatible etc. Note: No localisation updates are provided for this extension by translatewiki.net. |
| WARNING: The code or configuration described here poses a major security risk.
Site administrators: You are advised against using it until this security issue is resolved. Problem: Vulnerable to Cross-site scripting attacks, because it passes user input directly to the browser. This may lead to user accounts being hijacked, among other things. Solution: Do not allow javascript urls (Can acess parent of iframe's scope, do standard XSS stuff). Generally allowing users to arbitrarily include random sites is probably a bad thing Bawolff (talk) 16:23, 30 July 2012 (UTC) |
|
Anysite Release status: stable |
|||
|---|---|---|---|
| Implementation | Tag | ||
| Description | Allows safely embedding a website without touching HTML settings. | ||
| Author(s) | User:Gabeyg | ||
| Last version | 1.1 (2007-05-08) | ||
| MediaWiki | 1.7 and later | ||
| License | No license specified | ||
| Download | In the article | ||
| Example | Preparing.. | ||
|
|||
| Check usage and version matrix | |||
Anysite extension allows users to embed or include a website in a wiki page without touching HTML settings.
Contents |
Before Installing [edit]
Many people asked me why I did not allow people to change height and width. That's because I have a belief that the balance of design of the site should not be broken by embedding a site. However, if you like you can use code variations in the discussion page or in this page. The clear difference between Anysite and other extensions is that with other extensions, you have to do bunch of things to embed a single page (because extensions are for adding HTML scripts mainly, not embed), while this extension allows a single line of codes to embed a page. By rendering inputs and outputs using htmlspecialchars, it prevents many possible XSS attacks. This extension is solely for showing and embedding other websites into your wikis, while other extensions mainly focus on adding HTML scripts (which is used to code every websites.) Definitely, if you came here to find the extension that allows you to embed or include other sites into your wiki (for example, allowing users to see a particular webpage in Internet), this extension suits your purpose. If you are for adding the HTML script (for example, adding <div> or <p>) which starts from <html> to </html>, find other extensions. Thanks.
Code [edit]
First, you have to make file called 'anywebsite.php' containing the following code, and place it in your extensions folder.
<?php # Minseong Extension # # Tag : # <anyweb>website</anyweb> # Ex : # from url http://aurora1.sourceforge.net # <anyweb>http://aurora1.sourceforge.net</anyweb> # # Enjoy ! $wgExtensionFunctions[] = 'wfanyweb'; $wgExtensionCredits['parserhook'][] = array( 'name' => 'anysite extension', 'description' => 'Display sites', 'author' => 'Minseong Kim', 'url' => 'http://minseongkim.tistory.com' ); function wfanyweb() { global $wgParser; $wgParser->setHook('anyweb', 'renderanyweb'); } # The callback function for converting the input text to HTML output function renderanyweb($input) { $width = 800; $height = 500; $output= '<iframe name="anyweb" src="'.htmlspecialchars($input) .'" width="'.$width.'" height="'.$height.'" frameborder="0">'.'</iframe>'; return $output; }
Please progress to the installation (right below) after doing this.
Installation [edit]
Then, create and upload 'anywebsite.php' to the extension folder
Then add this code to LocalSettings.php
include("extensions/anywebsite.php");
After installation, to embed a website, use <anyweb>website's full address</anyweb>
Code variation [edit]
Want to pass the iframe size? use this version of the code with the syntax shown.
<?php # Minseong Extension # # Tag : # <anyweb>website</anyweb> # Ex : # from url http://aurora1.sourceforge.net # <anyweb>http://aurora1.sourceforge.net</anyweb> # <anyweb mywidth="800" myheight="600">http://my.server.com/</anyweb> # # Enjoy ! $wgExtensionFunctions[] = 'wfanyweb'; $wgExtensionCredits['parserhook'][] = array( 'name' => 'anysite extension', 'description' => 'Display sites', 'author' => 'Minseong Kim and Others', 'url' => 'http://www.mediawiki.org/wiki/Extension:Anysite' ); function wfanyweb() { global $wgParser; $wgParser->setHook('anyweb', 'renderanyweb'); } # The callback function for converting the input text to HTML output function renderanyweb($input, $argv) { if (isset($argv['mywidth'])) { $width = $argv['mywidth']; } else { $width = 800; } if (isset($argv['myheight'])) { $height = $argv['myheight']; } else { $height = 500; } $output= '<iframe name="anyweb" src="'.htmlspecialchars($input) .'" width="'.$width.'" height="'.$height.'" frameborder="0">'.'</iframe>'; return $output; }
Usage [edit]
You can use this extension to show video from other website without uploading to your site (for multimedia visual reference especially). Insert the following into the article:
<anyweb>the website address</anyweb>
If you use the other Version with width and hight parsing the commands are the following:
<anyweb mywidth="1200" myheight="1000">the website address</anyweb>