Extension:WikiGenericScript
 |
WARNING: the code or configuration described here poses a major security risk.
Problem: Vulnerable to Cross-site scripting attacks, because it passes user input directly to the browser. This may lead to user accounts being hijacked, among other things. |
 Release status: experimental |
|||
|---|---|---|---|
| Implementation | Hook | ||
| Description | WikiGenericScript is an extension which allows you to embed a predefined javascripts src using <script src="..." type="text/javascript"></script> tags in the menus. For embedding various kinds of inline scripts like Google Gadgets, Google Analytics etc. etc.
Please make sure that the external script you are including is something you trust and use this extension at your own risk. |
||
| Author(s) | Per Olsen (based on code by Siddique Hameed) | ||
| Last version | 1.0 (07/25/2008) | ||
| License | No license specified | ||
| Download | see below | ||
| Example | See below | ||
|
|||
|
Check usage (experimental) |
|||
WikiGenericScript is based upon the idea in Extension:WikiScript by Siddique Hameed. A extension which allows you to embed a external javascripts src using <script src="..." type="text/javascript"></script> tags in your MediaWiki articles.
This variation will allow you to add your own scripts to various hooks. Thus It's very useful for embedding predefined scripts like Google Gadgets, Google Analytics etc. etc.
Unlike other script including extensions this one will enable you to prevent users from adding scripts. Even so please make sure that the external script you are including is something you trust and use this extension at your own risk.
Ongoing effort to find solution for the XSS problems:Global_session_threat_assessment#Using external anonymous services.
Contents |
[edit] Initial thoughts
The following new Extension was made based upon WikiScript - please suggest improvements.
What is needed is something like this $wgHooks['BeforePageDisplay'][] = 'wfWikiTranslateMenu'; that will call extend the "left site bar" with the translate extension. To do:
- The Check for name spaces should be extended
- There could should perhaps also be a 'usercan' check?
- What other hooks can be used or should be used?
- Explore if this should be made even more generic:
-
- Script placement on demand
- Dynamic area of scripts in LocalSettings
- PO (your suggestion here!)
[edit] Usage
You need to provide the specific scripts as a part of your LocalSettings.php. This works as follows:
- Find/build your script
- Decide: to what hook do you want to add this script
- Provide the parameters in localsettings.php
[edit] Parameters
$wgGenScriptThis = 100; Point out the namespace where you want this script to be added value 0, translates to all.
$wgGenScript = "your script here"
[edit] Source code
Source code of "extensions/wikigenericscript.php":
<?php # Wikigenericscript extension # Usage: # # To install it put this file in the extensions directory # To activate the extension, include it from your LocalSettings.php # # require_once( "$IP/extensions/WikiGenericScript.php" ); # $wgGenScriptThis = 100; // Number of the namespace you want to allow translate on # # ## Translate script from Google on # May be set as the standard # $wgGenScript = "http://www.gmodules.com/ig/ifr?url=http://www.google.com/ig/modules/translatemypage.xml&up_source_language=en&synd=open&w=160&h=60&title=Google+Translate+My+Page&lang=all&country=ALL&border=%23ffffff%7C3px%2C1px+solid+%23999999&output=js"; # # ## -> $wgExtensionFunctions[] = "wfWikiGenericscript"; $wgHooks['BeforePageDisplay'][] = 'wfWikiGenScrMenu'; # function wfWikiGenScrMenu() { # global $wgParser; # ## registers the <wikitranslate> extension with the WikiText parser # ## $wgParser->setHook( "wikitranslate", "renderWikiTranslate" ); #} # The callback function for converting the input text to HTML output function renderWikiGenericScrMenu( $output ) { global $wgTitle, $$wgGenScriptThis, $wgGenScript; $ns = $wgTitle->getNamespace(); if ($ns ^= $$wgGenScriptThis) { $output = 'this namespace:'; ##$output .= $wgTitle; $output .= $ns; $output .= ' can not be translated, cause it has to be:'; $output .= $wgTranslateThis; return $output; } else { $output = '<script src="'.$wgGenScript.'" type="text/javascript">'; $output .= '</script>'; return $output; } } ?>
[edit] See also
Extension:Social_Bookmarking, adds a bookmark function to "the bar to the left". Thus wikitranslate can be implemented using a hook AND the script options.
