Extension:Secure HTML

Occasionally you need to display HTML within a wiki, but allowing it site-wide opens you up to various XSS attacks. This extension solves that problem by letting you specify arbitrary HTML, but only if the HTML includes a corresponding hash that is created by combining the HTML input, along with a secret key that only authorized people know.

Once you set up the extension, go to Special:SecureHTMLInput:
 * 1) input an optional key name,
 * 2) the key value, and
 * 3) the HTML you wish to display.

The page will return a snippet such as this:

Simply cut and paste the generated snippet within an article, and the HTML will be displayed. However, if somebody else tries to modify that HTML block, the hash will no longer compute correctly, and the HTML will not be displayed within the article.

Installation

 * 1) Copy the two codes below into two text files, save the files as SecureHTML.php and SpecialSecureHTMLInput.php
 * 2) Save the SecureHTML.php in the extensions folder of your MediaWiki folder.
 * 3) Save the SpecialSecureHTMLInput.php in the includes folder of your MediaWiki folder.
 * 4) Add the line  to the end of your LocalSettings.php file above.
 * 5) In LocalSettings.php also add:
 * Adding your secret key string, replacing "Place a secret key string here".

Go to Special:SecureHTMLInput on your wiki to add the HTML block.