Extension:Secure HTML

Occasionally you need to display HTML within a wiki, but allowing it site-wide opens you up to various XSS attacks. This extension solves that problem by letting you specify arbitrary HTML, but only if the HTML includes a corresponding hash that is created by combining the HTML input, along with a secret that only authorized people know.

The extension uses a special page, Special:SecureHTML which helps you build a tag, &lt;shtml&gt;, which acts as a wrapper around raw HTML. An example looks like (linefeeds added for readability):  Hello world!

Installation
Secure HTML has been tested with MediaWiki 1.18 and later (the earliest supported version at the time of this writing). It may work with earlier MediaWiki versions, however.


 * Download the latest version and save it to your computer.
 * Create a folder in the extensions folder named SecureHTML.
 * Move the files to the extensions/SecureHTML/ folder.
 * Edit LocalSettings.php in the root of your MediaWiki installation, and add the following line near the bottom:
 * Modify $wgSecureHTMLSecrets as per below.
 * Go to Special:SecureHTML and use the page to create a hashed snippet of raw HTML using the key secrets defined.
 * Add the hashed snippet to your desired wiki page.

Configuration
Secure HTML uses HMAC digests to sign a piece of raw HTML in a &lt;shtml&gt; tag, using a shared secret key. The $wgSecureHTMLSecrets configuration array may have multiple shared secrets, and is in the format:

The first part of each pair is the key name, and the second part is the key secret. This way, you can logically segment shared secrets among several groups. If a keyname= parameter is not given to the &lt;shtml&gt;</tt> tag, the first entry in $wgSecureHTMLSecrets is assumed. So, for example:

<shtml version="2" hash="ab...cd">HTML

<shtml version="2" keyname="Wiki admin" hash="ab...cd">HTML

<shtml version="2" keyname="developers" hash="ab...cd">HTML

Version 1 (deprecated)
The original version of this extension stored its keys in the global $shtml_keys, and used a simple MD5 concatenation of the key secret and the raw HTML to form the hash. This is potentialy less secure than HMAC, and has been deprecated. If a version=</tt> parameter is not given to the &lt;shtml&gt;</tt> tag, version 1 is a assumed, and keys will be taken from $shtml_keys.

This interface is retained for backwards compatibility with the original version. If you have upgraded from the original version, please convert your snippets as soon as possible, as this interface will be removed at a future date.

Version 2
Version 2 is signified by &lt;shtml version="2" ...&gt;</tt>, and uses a HMAC_SHA256 digest of the raw HTML and key secret. It is the current, default (when using Special:SecureHTML to generate the snippet) and preferred interface.