Extension:SecureHTML

Purpose
This extension restricts the usage of 'html' tags (functionality which is controlled through the '$wgRawHtml' global variable) to protected pages. Furthermore, the extension allows for the controlled inclusion of templates.

Features
as if they could.
 * Cascading: if the base page is allowed to use 'html' tags, then all included pages will be processed
 * Namespace exemption: configured namespaces are exempted from 'protection' requirement
 * Parser cache friendliness:
 * The extension must be enabled to continue the support of the inserted content
 * Support for the parser function
 * is very well suited for securely embedding widgets such as the ones created with SproutBuilder or GoogleGadgets.
 * The page where the shtml parser function is used does not need to be protected but the template page where the javascript/html widget code is located must though.
 * This behavior makes it easy for administrator to allow selected widgets to be included by the user population of the wiki

Motivation for the parser function
It is sometimes useful to include, in a secure fashion, a template containing 'raw html' in another page. This enables, for example, the construction of gadgets.

Through the added functionality of parameterization using the, the said templates can be customized on a per-page basis without resorting to convoluted escape patterns (e.g.  ) which renders page viewing difficult to humans.

tag

 * Use the standard tags (see Manual:$wgRawHtml) within a protected page. One can either protect the page before or after the inclusion of the said tag(s).

parser function
Use:  where: The page where this parser function is used must be edit protected.
 * is the page name of the article to include
 * are of the form:

parser function
Same usage as for #html with difference that the origin page where this parser function is used does not need to be edit protected. The target page's edit protection attribute ensures security.

Dependancy

 * StubManager extension
 * ParserFunctionsHelper extension is optional and only required for the parser function #shtml

History

 * added namespace exemption functionality i.e. namespaces where article do not need to be protected in order to use 'html' tags
 * use  to turn off
 * use  to add namespaces
 * enhanced with functionality to 'add' content to the document's 'head' section
 * Removed dependency on ExtensionClass
 * Enabled for 'StubManager'
 * Added 'addExemptNamespaces' function

1.1.0

 * Added, by default, NS_MEDIAWIKI namespace to the exemptNamespaces

2.0.0

 * Addition of the parser function

2.1.0

 * Addition of the parser function #shtml (requires Extension:ParserFunctionsHelper)

Todo

 * Fix for allowing more customization of 'exempt' namespaces even when using StubManager
 * Think about renaming the extension to be more distict from Extension:Secure HTML