Extension talk:SecureHTML

Shouldn't this be written a different way
Shouldn't the localsettings.php lines be written like this:


 * require_once( "includes/DefaultSettings.php" );

In addition, I have wikipedia 1.7, can I use this program?
 * I do not know

Also, have you considered combining this program with the other stubs program? It would be easier to install. Odessaukrain 03:47, 30 March 2008 (UTC)
 * In terms of ease of installation, I would suggest using PEAR. Jean-Lou Dupont 11:39, 30 March 2008 (UTC)
 * Jean-Lou Dupont, thank you for your prompt response, what a wonderful s urprise.
 * Sorry to be so dense, especially when the page clearly says 1.10, does this extension work for wikipedia 1.7?
 * Extension:SecureHTML and Extension:Anysite doesn't work, and Extension:Anysite has major security flaws, so I only have your extension to use.
 * I disagree with you. Check again my extension site Extension:Anysite. --Gabeyg 07:42, 28 December 2008 (UTC)
 * I am trying to embed a blog into my webpage. Odessaukrain 18:42, 30 March 2008 (UTC)
 * I do not know if this works under 1.7 nor will I test this. Sorry. Jean-Lou Dupont 19:19, 30 March 2008 (UTC)
 * Why don't you test it? Nothing will explode I am sure ;-) Jean-Lou Dupont 19:32, 30 March 2008 (UTC)
 * Sure, I will let you know asap. I just didn't want to go through the hassle if other people have already tested it. Odessaukrain 09:31, 31 March 2008 (UTC)

Hi, Is there a way to set the width and height of the included html page on a case by case basis? How is that handled in this extension? e.g. to order to avoid scroll bars 118.92.110.162 07:45, 15 May 2008 (UTC)
 * Hi - the extension has nothing to do with scrollbars - you must control this behavior. Are you by any chance including an iframe?

Jean-Lou Dupont 10:12, 15 May 2008 (UTC)
 * Thanks for the quick response. I was just trying to compare it with the anysite extension.  With anysite the height and width of the HTML you embed is controlled globally in the extension file.  If you embed a page larger than the allowed area, then it puts scroll bars on it, so yes, I guess the anysite extension does put it into an iframe.


 * If I use securehtml, does it allow me to embed another URL into the page? If so, how is the height and width controlled for how that page appears - just by the surrounding mediawiki code?
 * 130.195.86.36 22:42, 15 May 2008 (UTC)
 * It allows unrestricted HTML using tag section on edit protected pages (see the protect tab on each page). If you require more information on HTML in general, I would suggest googling. Jean-Lou Dupont 23:48, 15 May 2008 (UTC)


 * Same for me as described above. onyl if ($wgRawHtml = false;) + protected template reading ... + Extension:ParserFunctionsHelper + --Subfader 19:09, 9 July 2008 (UTC)

Functionality explained?
I am not a programmer and at the edge of my understanding when I read the description of this extension. Looking for a simple solution to include javascript and php code in pages without compromising security. When comparing this extension with Extension:HTMLets the latter seems less complicated. I don't need the functionality of SecureHTML that allows users to include widgets, at least not for now. Are there other options/functions I possibly might miss if I go for the simpler solution using HTMLets? --Kassoe 20:54, 15 May 2008 (UTC)
 * I am putting the finishing touches to Extension:SecureWidgets which should be helpful. I also commit to adding more details on Extension:SecureHTML shortly.
 * I do not have a side-by-side comparison with other extensions, sorry. Jean-Lou Dupont 23:49, 15 May 2008 (UTC)

MW 1.12.0 plus current secureHTML (SVN) - June 25, 2008 [SOLVED]
Jean-Lou:

Thanks for this extension! I'm trying to get it to work without full success.

I've created a protected template which includes the html code to display content from another server. After saving the template, the content displays nicely within the template (just the way I want it to display in an article). However, when I embed the template within the article, all one sees is the html code as it was written in the template and not the display of the 's content.

Any ideas what to look at? Thanks. -- Rik

ps: I do have the stubmanager extension installed as well and listed above the "require_once" statement for secureHTML.
 * That's probably because the target page isn't edit protected. In this case, use the #shtml parser function. Jean-Lou Dupont 10:22, 25 June 2008 (UTC)

Jean-Lou:

I installed ParserFunctionsHelper and that solved the problem for both protected and unprotected edits. Without ParserFunctionsHelper, I still can't get the protected edits to work. But since it works both ways with ParserFunctionsHelper installed, that solves the problem for me.

Thank you very much both for the great extensions and your help. -- Rik
 * My pleasure. Jean-Lou Dupont 00:52, 26 June 2008 (UTC)

php include?
Is there a way to include php files in teh protected templates without using iframes? I mean real includes  --Subfader 19:16, 9 July 2008 (UTC)
 * Use Extension:SecurePHP. Jean-Lou Dupont 02:21, 13 July 2008 (UTC)

Installation Problem
I have installed both stubmanager and securehtml... i think

Specail:version shows it as having been installed. But its not working right. I am trying to embed a Picasa slide show. In the wiki I put



When I hit "preview" it appears fine but when I save the page I just see the source, not the flash slideshow. I locked down the page so only my registered and trusted users can edit it, but no luck

Suggestions?
 * And the page is protected for the edit right, right? Jean-Lou Dupont 00:20, 31 August 2008 (UTC)

Yea. I have it Sysop only!

I don't know if this helps but here is what I have installed

Installed extensions

Special pages MultipleUpload	Allows users to upload several files at once	Travis Derouin Parser hooks

FlashMP3 (Version v0.91)	Plays mp3-files in an embedded Flash-player	Matthias Korn

Flickr	Display Flickr image and link to photo page on Flickr as per their terms 	Edward Simpson Other

DiscussionThreading	Add Threading to discussion (talk) pages	Jack D. Pond

FCKeditor extension (Version fckeditor/mw-extension $Rev$ 2007)	FCKeditor extension

Google Maps Extension (Version 0.9.1)	Easily create maps with wiki-fied markers	Evan Miller

SecureHTML (Version @@package-version@@)	Enables secure HTML code on protected pages	Jean-Lou Dupont

StubManager (Version 1.3.0)	Provides stubbing facility for extensions handling rare events. Customization template: mediaWiki:ExtensionState. Extensions registered:

SecureHTML. Jean-Lou Dupont
 * And the require statement for StubManager appears *before* ones for my other extensions? Jean-Lou Dupont 07:03, 31 August 2008 (UTC)
 * This extension is pretty simple in nature: the problem you are experiencing is most probably due to unwanted interaction(s) with some other extension you have installed. I can't help at this point. Sorry. Jean-Lou Dupont 14:47, 2 September 2008 (UTC)

Does it work on 1.13?
Hello, I use MediaWiki 1.13 and it seems that SecureHTML doesn't work properly with this version. Is there something I can do to use this extension with 1.13 ? -- Marineam 12:07, 01 October 2008 (UTC)


 * Have you seen that you need the StubManager and the ParserFunctionsHelper extensions to get it working? --Subfader 14:35, 1 October 2008 (UTC)
 * I haven't tried 1.13 yet... I'll get around to it at some point though. Jean-Lou Dupont 01:48, 2 October 2008 (UTC)
 * I had no probs moving from 1.12 to 1.13 --Subfader 05:46, 2 October 2008 (UTC)

Linking
I think it would be usefull to create a link when using a template with the #html or #sthml tag. By now the used templates are displayed as unused and you can not see where they are used. --77.182.140.72 11:18, 14 December 2008 (UTC)


 * Ditto. --Subfader 17:21, 14 December 2008 (UTC)


 * And this is a third vote for this feature. —Twisted86 21:46, 20 February 2009 (UTC)


 * Somebody there who will make further development. I could even put it into a SVN repo if someone would insert this feature. --DaSch 00:26, 2 April 2009 (UTC)

#shtml in condition code
Hi. I'm trying to include a html template when it's only me. Like this: (CURRENTUSER is called by another extension) but then it displays the template but  below in plain text. Any idea how to get around it? Thanks! --Subfader 13:58, 18 January 2009 (UTC)
 * Ok me dumb. I fixed by adding the condition in the template page {{#ifeq:UserX|{{CURRENTUSER}}| .... --Subfader 14:02, 18 January 2009 (UTC)

Wiki Links
Hi, I'm trying to get [[media:foo]] links working within SecureHTML (Passing them as arg. by the #shtml tag, so that they get resolved to http://... links. Any ideas?


 * On a similar note, I have a template page with some JS on it and an HTML form inside a table. The last thing on the template is a line of text with a wikilink foo in it. I transclude the template using . The problem is that the wikilink is not interpreted—i.e. it prints as foo instead of foo. Suggestions? —Twisted86 21:50, 20 February 2009 (UTC)

Wonderful extension
Just wanted to say Thank you. After reading all the scary warnings on mediawiki.org about allowing html I almost gave up. I use this extension quite long now and must say it really is secure via protecting the template. Lots of things are possible using this extension. Cheerio! --Subfader 02:39, 28 January 2009 (UTC)


 * And I add my thanks, too. I originally installed it just to be able add a PayPal form, but there's lots of cool stuff I am envisioning now. Nice extension. —Twisted86 21:52, 20 February 2009 (UTC)


 * Yes it's an wonderful extension. But it's sad that there is no further development. --DaSch 23:51, 20 February 2009 (UTC)