Extension:EasyAddHTML

From MediaWiki.org

WARNING: the code or configuration described here poses a major security risk.

Problem: Vulnerable to cross-site scripting (XSS) attacks because it passes user input directly to the browser. This may lead to user accounts being hijacked, among other things.
Solution: Strictly validate user input and/or apply escaping to all characters that have a special meaning in HTML.

         

EasyAddHtml

Release status: stable

Implementation: Tag
Description:
MediaWiki: 1.6.10+
License: No license specified
Download: no link
Example: http://testmw.net46.net/mediawiki-1.11.0/index.php/AddHTML_Test


What can this extension do?

It adds HTML code to a wiki page. It replaces the AddHTML extension because it needs only part of a document, like <a href="http://xyz.com">XYZ</a>, rather than a complete document like <html><body><a href="http://xyz.com">XYZ</a></body></html>. It lets anybody use the tag, in case a person doesn't know wikitext. This could damage your servers. Please use AddHTML for a safer option.

Usage

Download instructions

Please copy and paste the code found below and place it in $IP/extensions/addhtml.php. Note: $IP stands for the root directory of your MediaWiki installation, the same directory that holds LocalSettings.php.

Installation

To install this extension, add the following to LocalSettings.php:

require_once("$IP/extensions/addhtml.php");

Also, in the extensions folder, make a file named addhtml.php and add this code to the file:

<?php
/**
 * EasyAddHTML
 * This extension can write HTML in MediaWiki
 * written by Akanasoft
 * http://neelchauhan.110mb.com/index.html
 * To activate the functionality of this extension include the following in your
 * LocalSettings.php file:
 * require_once("$IP/extensions/addhtml.php");
 */
$wgExtensionFunctions[] = 'efSampleSetup';
 
function efSampleSetup() {
    if ( defined( 'MW_SUPPORTS_PARSERFIRSTCALLINIT' ) ) { // If we are using MediaWiki 1.13+
        global $wgHooks;
        $wgHooks['ParserFirstCallInit'][] = array( 'efSampleParserInit' ); // delay loading the hook until the parser initializes itself
    } else { // Otherwise do things the old fashioned way
        global $wgParser;
        if ( class_exists( 'StubObject' ) && !StubObject::isRealObject( $wgParser ) ) {
            $wgParser->_unstub();
        }
        efSampleParserInit( $wgParser );
    }
}
 
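function efSampleParserInit( &$parser ) {
    // Register the <addhtml> tag and hand its content to efSampleRender
    $parser->setHook( 'addhtml', 'efSampleRender' );
    return true; // hook handlers must return true so hook processing continues
}
 
function efSampleRender( $input, $args, $parser ) {
    // The user-provided input is returned unchanged, with no escaping or
    // validation, so any HTML or script inside the tag reaches the browser
    // as-is. This is the cross-site scripting risk named in the warning above.
    return $input;
}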
?>
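
The "Solution" in the warning above, sketched as two hardened replacements for efSampleRender. This is an added example, not part of the extension's own code; the function names efEscapedRender and efLinkOnlyRender are hypothetical, and the sample inputs are constructed.

```php
<?php
// Added example: hardened tag callbacks. Function names are hypothetical and
// are not part of EasyAddHTML or MediaWiki.

// Option 1: escape everything, so the tag's content is displayed as text.
function efEscapedRender( $input, $args = array(), $parser = null ) {
    return htmlspecialchars( (string)$input, ENT_QUOTES, 'UTF-8' );
}

// Option 2: allow exactly one <a href="...">text</a> with an http(s) URL and
// rebuild it from validated parts; anything else falls back to option 1.
function efLinkOnlyRender( $input, $args = array(), $parser = null ) {
    $pattern = '~\A\s*<a\s+href="([^"<>]*)"\s*>([^<>]*)</a>\s*\z~i';
    if ( !preg_match( $pattern, (string)$input, $m ) ) {
        return efEscapedRender( $input );
    }
    // Decode entities first: browsers decode attribute values before use, so
    // href="javascript&#58;..." must be checked in its decoded form.
    $url  = html_entity_decode( $m[1], ENT_QUOTES | ENT_HTML5, 'UTF-8' );
    $text = html_entity_decode( $m[2], ENT_QUOTES | ENT_HTML5, 'UTF-8' );
    if ( !preg_match( '~\Ahttps?://[^\s"\'<>]+\z~i', $url ) ) {
        return efEscapedRender( $input );
    }
    // Re-encode both parts on output; no user-supplied markup passes through.
    return '<a href="' . htmlspecialchars( $url, ENT_QUOTES, 'UTF-8' )
        . '" rel="nofollow">'
        . htmlspecialchars( $text, ENT_QUOTES, 'UTF-8' ) . '</a>';
}

// Constructed sample inputs, printed only when run from the command line.
if ( PHP_SAPI === 'cli' ) {
    $samples = array(
        '<a href="http://xyz.com">XYZ</a>',
        '<a href="javascript&#58;alert(1)">XYZ</a>',
        '<a href="http://xyz.com" onclick="alert(1)">XYZ</a>',
        '<script>alert(1)</script>',
    );
    foreach ( $samples as $s ) {
        echo efLinkOnlyRender( $s ), "\n";
    }
}
```

Both functions take the same arguments as efSampleRender, so either could be passed to setHook in its place.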

User rights

This script is Public Domain.

See also

Extension:AddHTML & Extension:SecureAddHTML (recommended after July 6th, 2008)