From MediaWiki.org
WARNING: the code or configuration described here poses a major security risk.
Problem: Vulnerable to Cross-site scripting attacks, because it passes user input directly to the browser. This may lead to user accounts being hijacked, among other things.
Solution: strictly validate user input and/or apply escaping to all characters that have a special meaning in HTML
Signed: Duesentrieb ⇌ 19:20, 18 May 2009 (UTC)
The CSO_iFrame tag and extension allow you to put iFrames and iFrame advertisements, like Amazon iFrame ads, safely inside a <CSO_iFrame> tag for use on your MediaWiki pages.
CSO_iFrame only works if the page is protected, so only a wiki administrator with sysop privileges can add or modify it.
Example
<CSO_iFrame>src="http://rcm.amazon.com/e/cm?t=xntonxcom-
200&o=1&p=8&l=as1&asins=0764575341&fc1=000000&IS2=1&lt1=
_blank&lc1=0000ff&bc1=000000&bg1=ffffff&f=ifr"
style="width:120px;height:240px;" scrolling="no" marginwidth="0"
marginheight="0" frameborder="0"</CSO_iFrame>
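The fix the warning box asks for (strict validation plus escaping), shown next to the pattern it describes. This is an added PHP example, not the CSO_iFrame extension's code; the function names, the attribute rules and the host allow-list are assumptions.

```php
<?php
// Added illustration; function names and rules are assumptions, not the extension's source.

// Pattern the warning describes: the tag body reaches the browser unchanged.
function renderIframeUnsafe(string $body): string {
    return "<iframe $body></iframe>";
}

// Hardened form: keep only allow-listed attributes, validate each value,
// and HTML-escape everything that is written out.
function renderIframeSafe(string $body, array $allowedHosts): string {
    $rules = [
        'scrolling'    => '/^(yes|no|auto)$/D',
        'marginwidth'  => '/^\d{1,4}$/D',
        'marginheight' => '/^\d{1,4}$/D',
        'frameborder'  => '/^[01]$/D',
        'style'        => '/^(?:(?:width|height):\d{1,4}px;)+$/D',
    ];
    preg_match_all('/([a-z]+)\s*=\s*"([^"]*)"/i', $body, $pairs, PREG_SET_ORDER);
    $attrs = [];
    foreach ($pairs as [, $name, $value]) {
        $name = strtolower($name);
        if ($name === 'src') {
            // The page's example wraps the URL across lines; drop that whitespace.
            $value = preg_replace('/\s+/', '', $value);
            $url = parse_url($value);
            $ok = is_array($url)
                && in_array(strtolower($url['scheme'] ?? ''), ['http', 'https'], true)
                && in_array(strtolower($url['host'] ?? ''), $allowedHosts, true);
        } else {
            $ok = isset($rules[$name]) && preg_match($rules[$name], $value) === 1;
        }
        if ($ok) {
            $attrs[$name] = htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
        }
    }
    if (!isset($attrs['src'])) {
        // No acceptable src: emit the tag as inert text instead of markup.
        return htmlspecialchars("<CSO_iFrame>$body</CSO_iFrame>", ENT_QUOTES, 'UTF-8');
    }
    $html = '<iframe';
    foreach ($attrs as $name => $value) {
        $html .= " $name=\"$value\"";
    }
    return $html . '></iframe>';
}

// Constructed input modelled on the page's example; onload is not allow-listed.
$body = 'src="http://rcm.amazon.com/e/cm?o=1&f=ifr" scrolling="no" onload="x"';
echo renderIframeSafe($body, ['rcm.amazon.com']), "\n";
```

Page protection limits who can write the tag, but the output still has to be rebuilt from validated attributes so that the tag body can never add markup of its own.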
See also
- Extension:SecureHTML allows sysops to add normal iframes and all other HTML to protected pages, making this extension unnecessary because it is so limited.