<style> tag in template - MediaWiki-l - lists.wikimedia.org

List overview All Threads
Download

<style> tag in template

RTL support in non-RTL Wikis

MediaWiki with e-mail notification...

solo turn

11 May 2005 11 May '05

4:46 p.m.

hi, is there a possibility to include a <style> tag so it does not get "reformatted"? or have something like a "rawhtml" tag, where the contents does not get touched? use case: format tables via a {{mytabletemplate}}, and define styles for <table>, <tr>, <td> to avoid repeating them all the time. -solo.

Reply

Show replies by date

solo turn

11 May 11 May

8:37 p.m.

New subject: [Mediawiki-l] Re: <style> tag in template

with the following extension it works: $wgExtensionFunctions[] = "wfRawHtmlExtension"; function wfRawHtmlExtension() { global $wgParser; $wgParser->setHook( "rawhtml", "renderRawHtml" ); } function renderRawHtml( $input ) { return $input; } to prevent any editing you have to write: <rawhtml> <style> <nowiki> ... here go your styles ... </nowiki> </style> </rawhtml> -solo. On 5/11/05, solo turn <soloturn(a)gmail.com> wrote:

hi, is there a possibility to include a <style> tag so it does not get "reformatted"? or have something like a "rawhtml" tag, where the contents does not get touched? use case: format tables via a {{mytabletemplate}}, and define styles for <table>, <tr>, <td> to avoid repeating them all the time. -solo.

Reply

Brion Vibber

8:43 p.m.

New subject: [Mediawiki-l] Re: <style> tag in template

solo turn wrote:

with the following extension it works: $wgExtensionFunctions[] = "wfRawHtmlExtension";

Why would you add this when a raw HTML tag is built in to the wiki and can be optionally enabled? See DefaultSettings.php. Note that raw HTML sections are *very dangerous* on a publically editable wiki. -- brion vibber (brion @ pobox.com)

Reply

Graeme Canivet

10:11 p.m.

New subject: [Mediawiki-l] Re: <style> tag in template

Umm, I just made a <includeraw> extension - since I had no idea that this existed.... In mine, I only allow the tag for protected pages? Perhaps that is a better option. G. -----Original Message----- From: mediawiki-l-bounces(a)Wikimedia.org [mailto:mediawiki-l-bounces@Wikimedia.org] On Behalf Of Brion Vibber Sent: May 11, 2005 4:44 PM To: MediaWiki announcements and site admin list Subject: Re: [Mediawiki-l] Re: <style> tag in template solo turn wrote:

with the following extension it works: $wgExtensionFunctions[] = "wfRawHtmlExtension";

Why would you add this when a raw HTML tag is built in to the wiki and can be optionally enabled? See DefaultSettings.php. Note that raw HTML sections are *very dangerous* on a publically editable wiki. -- brion vibber (brion @ pobox.com)

Reply

solo turn

12 May 12 May

9:58 a.m.

New subject: [Mediawiki-l] Re: <style> tag in template

that sounds appealing! what made me write this was that i did not switch on $wgWhitelistEdit = true; and it did not work even if i was logged in. kind of not logical, don't you think? -solo. On 5/12/05, Graeme Canivet <gjcanive(a)uwaterloo.ca> wrote:

Umm, I just made a <includeraw> extension - since I had no idea that this existed.... In mine, I only allow the tag for protected pages? Perhaps that is a better option. G. -----Original Message----- From: mediawiki-l-bounces(a)Wikimedia.org [mailto:mediawiki-l-bounces@Wikimedia.org] On Behalf Of Brion Vibber Sent: May 11, 2005 4:44 PM To: MediaWiki announcements and site admin list Subject: Re: [Mediawiki-l] Re: <style> tag in template solo turn wrote:

with the following extension it works: $wgExtensionFunctions[] = "wfRawHtmlExtension";

Why would you add this when a raw HTML tag is built in to the wiki and can be optionally enabled? See DefaultSettings.php. Note that raw HTML sections are *very dangerous* on a publically editable wiki. -- brion vibber (brion @ pobox.com) _______________________________________________ MediaWiki-l mailing list MediaWiki-l(a)Wikimedia.org http://mail.wikipedia.org/mailman/listinfo/mediawiki-l

Reply

solo turn

9:32 a.m.

New subject: [Mediawiki-l] Re: <style> tag in template

do you know a good example which shows this "VERY dangerous"? dangerous for whom? if somebody adds a javascript function that changes the admin password and hopes an admin would click on it? we do not need real raw html, just the styles. do you see any danger in having the <style> tag enabled? -solo On 5/11/05, Brion Vibber <brion(a)pobox.com> wrote:

... a raw HTML tag is built in to the wiki and can be optionally enabled? See DefaultSettings.php. Note that raw HTML sections are *very dangerous* on a publically editable wiki.

Reply

Brion Vibber

9:58 a.m.

New subject: [Mediawiki-l] Re: <style> tag in template

solo turn wrote:

do you know a good example which shows this "VERY dangerous"? dangerous for whom? if somebody adds a javascript function that changes the admin password and hopes an admin would click on it?

That's one of many possibilities, yes. For background information, google up cross-site scripting attacks as well as general browser vulnerabilities (including among other things ActiveX malware and various image decoder and other buffer overflows which could be exploited on unpatched browsers by HTML injection). Hijacking trusted site permissions to install malware on the client machine, hijacking sessions to gain admin privileges on the wiki, installing password sniffers, etc. (Remember that many people use the same password on many sites.)

we do not need real raw html, just the styles. do you see any danger in having the <style> tag enabled?

Internet Explorer executes JavaScript expressions and javascript: URLs in CSS styles, so you'd want to be careful about filtering these. We do some checks for that on style attributes in embedded HTML in the wiki. -- brion vbber (brion @ pobox.com)

Reply

6948

days inactive

6949

days old

mediawiki-l@lists.wikimedia.org

Manage subscription

6 comments

3 participants

tags (0)

participants (3)

Brion Vibber
Graeme Canivet
solo turn