Extension:SecureHTML

Purpose
This extension restricts the usage of 'html' tags (functionality which is controlled through the '$wgRawHtml' global variable) to protected pages. Furthermore, the extension allows for the controlled inclusion of templates.

Features
as if they could.
 * Cascading: if the base page is allowed to use 'html' tags, then all included pages will be processed
 * Namespace exemption: configured namespaces are exempted from 'protection' requirement
 * Parser cache friendliness:
 * The extension must be enabled to continue the support of the inserted content
 * Support for the parser function

Motivation for the parser function
It is sometimes useful to include, in a secure fashion, a template containing 'raw html' in another page. This enables, for example, the construction of gadgets.

Through the added functionality of parameterization using the, the said templates can be customized on a per-page basis without resorting to convoluted escape patterns (e.g.  ) which renders page viewing difficult to humans.

tag

 * Use the standard tags (see Manual:$wgRawHtml) within a protected page. One can either protect the page before or after the inclusion of the said tag(s).

parser function
Use:  where: The page where this parser function is used must be edit protected.
 * is the page name of the article to include
 * are of the form:

parser function
Same usage as for #html with difference that the origin page where this parser function is used does not need to be edit protected. The target page's edit protection attribute ensures security.

Dependancy

 * StubManager extension
 * ParserFunctionsHelper extension is optional and only required for the parser function #shtml

History

 * added namespace exemption functionality i.e. namespaces where article do not need to be protected in order to use 'html' tags
 * use  to turn off
 * use  to add namespaces
 * enhanced with functionality to 'add' content to the document's 'head' section
 * Removed dependency on ExtensionClass
 * Enabled for 'StubManager'
 * Added 'addExemptNamespaces' function

1.1.0

 * Added, by default, NS_MEDIAWIKI namespace to the exemptNamespaces

2.0.0

 * Addition of the parser function

2.1.0

 * Addition of the parser function #shtml (requires Extension:ParserFunctionsHelper)

Todo

 * Fix for allowing more customization of 'exempt' namespaces even when using StubManager
 * Think about renaming the extension to be more distict from Extension:Secure HTML