Extension:SecureHTML

From MediaWiki.org

Jump to: navigation, search

         

Manual on MediaWiki Extensions
List of MediaWiki Extensions
Crystal Clear action run.png
SecureHTML

Release status: stable
Implementation  Tag, User rights
Description This extension securely inserts HTML section(s) or pages on a wiki page.
Author(s)  Jean-Lou Dupont
Last Version  2.3.0
MediaWiki  1.10 or later
License No license specified
Download SVN
See SVN ($Id$)

check usage (experimental)

This extension allows editors to add HTML section(s) or pages on a wiki page. This extension can only be used on protected pages, but allows an editor to add a protected template on an unprotected, editable page.

Contents

[edit] Implementation detail

The extension leverages the '$wgRawHtml' global variable of Mediawiki.


[edit] Features

  • Cascading: if the base page is allowed to use 'html' tags, then all included pages will be processed as if they could.
  • Namespace exemption: configured namespaces are exempted from 'protection' requirement
  • Parser cache friendliness:
    • The extension must be enabled to continue the support of the inserted content
  • Support for the parser function {{#html}}
  • {{#shtml}} is very well suited for securely embedding widgets such as the ones created with SproutBuilder or GoogleGadgets.
    • The page where the shtml parser function is used does not need to be protected but the template page where the javascript/html widget code is located must though.
    • This behavior makes it easy for administrator to allow selected widgets to be included by the user population of the wiki

[edit] Motivation for the {{ #html}} parser function

It is sometimes useful to include, in a secure fashion, a template containing 'raw html' in another page. This enables, for example, the construction of gadgets.

Through the added functionality of parameterization using the {@{parameter_here}@}, the said templates can be customized on a per-page basis without resorting to convoluted escape patterns (e.g. </html>{{{parameter_here}}}<html>) which renders page viewing difficult to humans.

[edit] Usage

[edit] < html> tag

  • Use the standard <html> tags (see Manual:$wgRawHtml) within a protected page. One can either protect the page before or after the inclusion of the said tag(s).

[edit] {{ #html}} parser function

Use: {{#html:page_name [|optional parameters]}} where:

  • page_name is the page name of the article to include
  • optional parameters are of the form:
    • param_x = value_x | param_y = value_y

The page where this parser function is used must be edit protected.

[edit] {{ #shtml }} parser function

Same usage as for #html with difference that the origin page where this parser function is used does not need to be edit protected. The target page's edit protection attribute ensures security.

[edit] Example

[edit] Test Page

{{#html:Template:Page1|param1=value1}}

[edit] Template:Page1

This parameter will be replaced when called from Test:Page >> {@{param1}@}

[edit] Required extensions


[edit] Installation

See the Mediawiki Extension table entry "download" above.[1]

[edit] LocalSettings.php

Extension:ExtensionManager: See footnote[2]

require_once( "$IP/extensions/SecureHTML/SecureHTML.php" );

[edit] PEAR

PEAR is a repository of en:PHP software code.

pear channel-discover mediawiki.googlecode.com/svn
  • Install extension through PEAR:
pear install mediawiki/SecureHTML
  • Add the following to LocalSettings.php[2][3]:
require 'MediaWiki/SecureHTML/SecureHTML.php';
  • Note that the required version of PEAR must be respected. Currently, the minimum version of PEAR usable with this channel is v1.6.2. Perform the following command to upgrade to the latest version of PEAR:
pear upgrade pear

[edit] Upgrades through PEAR

Sometimes, it is necessary to clear PEAR's cache in order to perform upgrades.

pear clear-cache

or use the force method:

pear upgrade --force mediawiki/SecureHTML

[edit] PEAR Web Frontend

For easier remote package management, PEAR Frontend WEB can be installed. Installation notes can be found here. An example of the WEB frontend is available here.

[edit] RSS feed

To keep kept up-to-date with this channel, use the following RSS feed__Rss2.jpg.

[edit] Notes

[edit] Other Extensions From the same author

Consult User Jldupont's page.

  1. The most recent release is always available through the extension's PEAR and SVN repositories. This page is not necessarily up-to-date.
  2. 2.0 2.1 2.2 Extension:ExtensionManager does not require any modification to LocalSettings.php because ExtensionManager includes the extension.
    Note that if PHP code caching is in place (e.g. APC, eAccelerator), then to successfully complete the installation a cache flush might be needed.
  3. Modifications to LocalSettings.php is only necessary if not using Extension:ExtensionManager

[edit] History

  • added namespace exemption functionality i.e. namespaces where article do not need to be protected in order to use 'html' tags
    • use SecureHTMLclass::enableExemptNamespaces = false; to turn off
    • use SecureHTMLclass::exemptNamespaces[] = NS_XYZ; to add namespaces
  • enhanced with functionality to 'add' content to the document's 'head' section
  • Removed dependency on ExtensionClass
  • Enabled for 'StubManager'
  • Added 'addExemptNamespaces' function

[edit] 1.1.0

  • Added, by default, NS_MEDIAWIKI namespace to the exemptNamespaces

[edit] 2.0.0

  • Addition of the parser function {{ #html}}

[edit] 2.1.0

[edit] Todo

  • Fix for allowing more customization of 'exempt' namespaces even when using StubManager
  • Think about renaming the extension to be more distict from Extension:Secure HTML

[edit] See also

[edit] Sites using this Extension

Languages Language: 

English  • 日本語
Retrieved from "http://www.mediawiki.org/wiki/Extension:SecureHTML"