Extension talk:WikiScript
From MediaWiki.org
XSS alert. Jean-Lou Dupont 23:35, 30 August 2007 (UTC)
WARNING: the code or configuration described here poses a major security risk.
Problem: Vulnerable to Cross-site scripting attacks, because it passes user input directly to the browser. This may lead to user accounts being hijacked, among other things.
Protected Pages Only
Is there a way to limit this extension to pages that are protected only? For example, I only need this to run on my homepage and a few of the category pages. I'd like it to run on only those pages. I know this is how the addHTML extension works, but I'm not a coder to put it all together.
You may want to look at the suggested new extension below, for ideas. This does something like what you want, but with one single namespace (I don't know PHP that much yet, but I guess that what is needed is a table of pages that you want to open for this).
I use Extension:lockdown and got some ideas from looking at that extension also. --Asset 20:58, 24 July 2008 (UTC)
Auto add Google Translate to namespaces.. and more!
Is there a way to add a script like below to specific namespace pages only, that is I need to translate a load of pages, and thus need this for specific pages. --Asset 19:16, 24 July 2008 (UTC)
- <wikiscript src="http://www.gmodules.com/ig/ifr?url=http://www.google.com/ig/modules/translatemypage.xml&up_source_language=en&synd=open&w=160&h=60&title=Google+Translate+My+Page&lang=all&country=ALL&border=%23ffffff%7C3px%2C1px+solid+%23999999&output=js"> </wikiscript>
Further, when I run this translation on my site I am redirected to some google page like this:
- http://translate.google.com/translate?client=tmpg&hl=en&u=http://<MYSITE>.dk/wiki/index.php?title=MO:Introduction&langpair=en|da
And this makes Wiki think that I am not logged on! Do you know if I can avoid this in some ways? --Asset 19:16, 24 July 2008 (UTC)
( Finally, it appears that there MAY be a problem with the gadget when I have a page with mixed languages?? Perhaps someone knows a cure for this?? )
WikiTranslate suggestions
Sorry for using this space for this. I have now moved this to Extension:WikiGenericScript; please look in and provide ideas! --Asset 19:43, 25 July 2008 (UTC)
Moved original coding to talk
I moved the original coding to talk, as the new version has several benefits over this one:
Source code
Source code of "extensions/wikiscript.php":
    <?php
    # WikiScript extension
    # Usage:
    # <wikiscript src="http://gmodules.com/ig/ifr?
    #url=http://www.therandomhomepage.com/google/gadgets/randomwiki/RandomWikiModule.xml
    #&up_moduletitle=&up_language=en&synd=open&w=320&h=350&title=
    #&lang=en&country=ALL&border=%23ffffff%7C3px%2C1px+solid+%23999999&output=js">
    #</wikiscript>
    # To install it put this file in the extensions directory
    # To activate the extension, include it from your LocalSettings.php
    # with: require("extensions/wikiscript.php");

    $wgExtensionFunctions[] = "wfWikiScript";

    function wfWikiScript() {
        global $wgParser;
        # registers the <wikiscript> extension with the WikiText parser
        $wgParser->setHook( "wikiscript", "renderWikiScript" );
    }

    # The callback function for converting the input text to HTML output
    function renderWikiScript( $input, $argv ) {
        $output = '<script src="'.$argv["src"].'" type="text/javascript">';
        $output .= '</script>';
        return $output;
    }
    ?>
Source code of "extensions/wikiscript.php" plus XSS protection (only internal pages):
    <?php
    # WikiScript extension
    # Usage:
    # <wikiscript src="nameofyourjavascriptfile.js" />
    # Place scripts in folder js_scripts
    # To install it put this file in the extensions directory
    # To activate the extension, include it from your LocalSettings.php
    # with: require("extensions/wikiscript.php");

    $wgExtensionFunctions[] = "wfWikiScript";

    function wfWikiScript() {
        global $wgParser;
        # registers the <wikiscript> extension with the WikiText parser
        $wgParser->setHook( "wikiscript", "renderWikiScript" );
    }

    # The callback function for converting the input text to HTML output
    function renderWikiScript( $input, $argv ) {
        $output = '<script src="./js_scripts/'.str_replace( '..', '', $argv["src"]).'" type="text/javascript">';
        $output .= '</script>';
        return $output;
    }
    ?>
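
The second listing above keeps the script under `./js_scripts/`, but it still writes the `src` value into the attribute without HTML escaping, and its `'..'` filter only looks at the raw string. An added example, not part of the original post or of the extension: an allowlist check with escaped output, next to the posted filter for comparison. The function names (`originalFilter`, `isSafeScriptName`, `renderLocalScript`) and the sample inputs are hypothetical and constructed for this example.

```php
<?php
# Added example, not the extension's code. Function names are hypothetical.

# The filter from the second listing: a single pass that deletes '..'.
function originalFilter( $src ) {
    return str_replace( '..', '', $src );
}

# Allowlist: a bare file name made of letters, digits, '_' or '-', ending in
# ".js". \A and \z anchor the whole string, so a trailing newline, a slash,
# a percent sign, a query string or a quote all cause rejection.
function isSafeScriptName( $src ) {
    return is_string( $src )
        && preg_match( '/\A[A-Za-z0-9_-]+\.js\z/', $src ) === 1;
}

# Builds the tag only for accepted names. The value is HTML-escaped as well,
# so the output stays well-formed even if the allowlist is loosened later.
function renderLocalScript( $src ) {
    if ( !isSafeScriptName( $src ) ) {
        return '';   # emit nothing rather than a "repaired" value
    }
    $url = './js_scripts/' . $src;
    return '<script src="' . htmlspecialchars( $url, ENT_QUOTES )
        . '" type="text/javascript"></script>';
}

# Constructed sample inputs.
$samples = [
    'menu.js',             # plain file name
    '%2e%2e/menu.js',      # no literal '..', so the posted filter leaves it as is
    'menu.js" data-x="1',  # a double quote would end the src attribute
    'sub/menu.js',         # path separator
    "menu.js\n",           # trailing newline
];

foreach ( $samples as $s ) {
    printf( "%-24s posted filter -> %-24s allowlist: %s\n",
        json_encode( $s, JSON_UNESCAPED_SLASHES ),
        json_encode( originalFilter( $s ), JSON_UNESCAPED_SLASHES ),
        isSafeScriptName( $s ) ? 'accept' : 'reject' );
}

echo renderLocalScript( 'menu.js' ), "\n";
```

In the tag hook, `renderLocalScript( $argv["src"] )` would take the place of the string concatenation; rejecting a value outright is safer than trying to strip unwanted substrings from it.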