Extension talk:CSO iFrame tag

From MediaWiki.org
Jump to: navigation, search

"CSO_iFrame is secure if the page is protected; so, only a wiki adminstrator with Sysop privileges can modify it."

Can you make it so that the CSO_iFrame tag is only executed on pages created by admins?

Putting this on a protected page provides no security when a new user can simply create a new unprotected page and use the CSO_iFrame tag.

Another option would be to only allow iframe content from trusted domains that you can specify in a config file.

Retrieved from "http://www.mediawiki.org/w/index.php?title=Extension_talk:CSO_iFrame_tag&oldid=258971"
Personal tools
Namespaces
Variants
Actions
Site
Support
Download
Development
Communication
Print/export
Toolbox