Extension:SecureHTML

This extension allows editors to add HTML section(s) or pages on a wiki page. This extension can only be used on protected pages, but allows an editor to add a protected template on an unprotected, editable page. The extension uses the '$wgRawHtml' global variable of Mediawiki.

Features

 * Cascading: if the base page is allowed to use 'html' tags, then all included pages will be processed as if they could.
 * Namespace exemption: configured namespaces are exempted from 'protection' requirement
 * Parser cache friendliness:
 * The extension must be enabled to continue the support of the inserted content
 * Support for the parser function
 * is very well suited for securely embedding widgets such as the ones created with SproutBuilder or GoogleGadgets.
 * The page where the shtml parser function is used does not need to be protected but the template page where the javascript/html widget code is located must though.
 * This behavior makes it easy for administrator to allow selected widgets to be included by the user population of the wiki

tag

 * Use the standard tags (see Manual:$wgRawHtml) within a protected page. One can either protect the page before or after the inclusion of the said tag(s).
 * Complete usage example for using iframes tag:

parser function
Use:  where: The page where this parser function is used must be edit protected.
 * is the page name of the article to include
 * are of the form:

parser function
Same usage as for #html with difference that the origin page where this parser function is used does not need to be edit protected. The target page's edit protection attribute ensures security.

Required extensions

 * StubManager extension
 * ParserFunctionsHelper extension is optional and only required for the parser function #shtml

Reason for the parser function
It is sometimes useful to include, in a secure fashion, a template containing 'raw html' in another page. This enables, for example, the construction of gadgets.

Through the added functionality of parameterization using the, the said templates can be customized on a per-page basis without resorting to convoluted escape patterns (e.g.  ) which renders page viewing difficult to humans.

History

 * added namespace exemption functionality i.e. namespaces where article do not need to be protected in order to use 'html' tags
 * use  to turn off
 * use  to add namespaces
 * enhanced with functionality to 'add' content to the document's 'head' section
 * Removed dependency on ExtensionClass
 * Enabled for 'StubManager'
 * Added 'addExemptNamespaces' function

1.1.0

 * Added, by default, NS_MEDIAWIKI namespace to the exemptNamespaces

2.0.0

 * Addition of the parser function

2.1.0

 * Addition of the parser function #shtml (requires Extension:ParserFunctionsHelper)

Todo

 * Fix for allowing more customization of 'exempt' namespaces even when using StubManager
 * Think about renaming the extension to be more distinct from Extension:Secure HTML