Extension:Secure HTML

The problem is you occasionally need to display arbitrary HTML within a wiki, but allowing it site-wide opens you up to various XSS attacks. This extension solves that problem by letting you specify arbitrary HTML, but only if the HTML includes a correspoding hash that is created by combining the HTML input, along with a secret key that only authorized people know.

Once you set up the extension, go to Special:SecureHTMLInput, input an optional key name, the key value, and the HTML you wish to display. The page will return a snippet such as this:

This is some HTML

Simply place the generated snippet within an article, and the HTML will be displayed. However, if somebody else tries to modify that HTML block, the hash will no longer compute correctly, and the HTML will not be displayed within the article.

Installation

 * 1) Copy the two codes below into two text files, save the files as SecureHTML.php and SpecialSecureHTMLInput.php
 * 2) Save the SecureHTML.php in the extensions directory of your MediaWiki folder.
 * 3) Save the SpecialSecureHTMLInput.php in the includes directory of your MediaWiki folder.
 * 4) Add the line  to the end of your LocalSettings.php file.
 * 5) Add the line  at the bottom of the other require_once lines in your LocalSettings.php file.

Now you can use this extension.