Extension:SecureHTML

SecureHTML

Release status: beta

Implementation: Tag, User rights
Description: This extension securely inserts HTML section(s) or pages on a wiki page.
Author(s): Jean-Lou Dupont
Last version: 2.3.0
MediaWiki: 1.10.0 - 1.15.x
License: No license specified
Download: SVN
See SVN ($Id$)

This extension allows editors to add HTML section(s) or pages on a wiki page. It can only be used on protected pages, but it allows an editor to include a protected template on an unprotected, editable page. The extension uses MediaWiki's '$wgRawHtml' global variable.

Features

  • Cascading: if the base page is allowed to use 'html' tags, then all included pages will be processed as if they could.
  • Namespace exemption: configured namespaces are exempted from the 'protection' requirement
  • Parser cache friendliness:
    • The extension must be enabled to continue the support of the inserted content
  • Support for the parser function {{#html}}
  • {{#shtml}} is very well suited for securely embedding widgets such as the ones created with SproutBuilder or GoogleGadgets.
    • The page where the shtml parser function is used does not need to be protected, but the template page that holds the JavaScript/HTML widget code must be.
    • This behavior makes it easy for administrators to allow selected widgets to be included by the user population of the wiki

Usage

<html> tag

  • Use the standard <html> tags (see Manual:$wgRawHtml) within a protected page. The page can be protected either before or after the tag(s) are added.
  • Complete usage example using an iframe tag:
<html><iframe src="http://stim.com/" width=600 height=500></iframe></html>

{{#html}} parser function

Use: {{#html:page_name [|optional parameters]}} where:

  • page_name is the page name of the article to include
  • optional parameters are of the form:
    • param_x = value_x | param_y = value_y

The page where this parser function is used must be edit protected.

{{#shtml}} parser function

Same usage as #html, with the difference that the origin page where this parser function is used does not need to be edit protected. The target page's edit protection attribute ensures security.
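The protection rules for <html>, {{#html}} and {{#shtml}} described above, together with the namespace exemption and cascading behaviour from the Features list, as an added standalone PHP model (not the extension's own code). The page arrays, function names and the 'render'/'refuse' labels are hypothetical, and applying the namespace exemption to the parser functions as well as the tag is an assumption of this model.

```php
<?php
// Standalone model of the rules on this page; not SecureHTML's own code.
// Namespace numbers mirror MediaWiki's; run this outside MediaWiki.
const NS_MAIN = 0;
const NS_MEDIAWIKI = 8;
const NS_TEMPLATE = 10;

// Namespaces exempt from the protection requirement (NS_MEDIAWIKI by default since 1.1.0).
$exemptNamespaces = [NS_MEDIAWIKI];

// A page is trusted to carry raw HTML if it is edit-protected or in an exempt namespace.
function pageIsTrusted(array $page, array $exempt): bool {
    return $page['editProtected'] || in_array($page['ns'], $exempt, true);
}

// $via: 'tag' for <html>, 'html' for {{#html}}, 'shtml' for {{#shtml}}.
// $origin holds the tag or call; $target is the included page (null for the tag).
function rawHtmlAllowed(string $via, array $origin, ?array $target, array $exempt): bool {
    switch ($via) {
        case 'tag':
        case 'html':
            // The origin must be trusted. Cascading: once it is, included pages are
            // processed as if they were trusted too, whatever their own protection.
            return pageIsTrusted($origin, $exempt);
        case 'shtml':
            // Only the target's protection counts; the origin may be freely editable.
            return $target !== null && pageIsTrusted($target, $exempt);
        default:
            return false; // unknown entry point: fail closed
    }
}

// Constructed sample pages (hypothetical titles and protection states).
$widget  = ['title' => 'Template:Widget', 'ns' => NS_TEMPLATE, 'editProtected' => true];
$draft   = ['title' => 'Template:Draft',  'ns' => NS_TEMPLATE, 'editProtected' => false];
$sandbox = ['title' => 'Sandbox',         'ns' => NS_MAIN,     'editProtected' => false];
$portal  = ['title' => 'Portal',          'ns' => NS_MAIN,     'editProtected' => true];
$cases = [
    ['tag',   $sandbox, null],    // <html> on an unprotected page
    ['html',  $sandbox, $widget], // {{#html}} called from an unprotected page
    ['shtml', $sandbox, $widget], // {{#shtml}} with a protected target
    ['shtml', $sandbox, $draft],  // {{#shtml}} with an unprotected target
    ['html',  $portal,  $draft],  // cascading: protected origin, unprotected include
];
foreach ($cases as [$via, $origin, $target]) {
    $ok = rawHtmlAllowed($via, $origin, $target, $exemptNamespaces);
    printf("%-5s %-8s -> %-16s %s\n", $via, $origin['title'],
        $target['title'] ?? '(inline)', $ok ? 'render' : 'refuse');
}
```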

Example

Test Page

{{#html:Template:Page1|param1=value1}}

Template:Page1

This parameter will be replaced when called from Test:Page >> {@{param1}@}


Required extensions


Installation

See the MediaWiki Extension table entry "download" above.[1]

LocalSettings.php

Extension:ExtensionManager: See footnote[2]

require_once( "$IP/extensions/SecureHTML/SecureHTML.php" );
  • Since this extension depends on StubManager, add the line after the StubManager include, or else your wiki won't work.

PEAR

PEAR is a repository of PHP software code.

pear channel-discover mediawiki.googlecode.com/svn
  • Install extension through PEAR:
pear install mediawiki/SecureHTML
  • Add the following to LocalSettings.php[2][3]:
require 'MediaWiki/SecureHTML/SecureHTML.php';
  • Note that the required version of PEAR must be respected. Currently, the minimum version of PEAR usable with this channel is v1.6.2. Perform the following command to upgrade to the latest version of PEAR:
pear upgrade pear

Upgrades through PEAR

Sometimes, it is necessary to clear PEAR's cache in order to perform upgrades.

pear clear-cache

or use the force method:

pear upgrade --force mediawiki/SecureHTML

PEAR Web Frontend

For easier remote package management, PEAR Frontend WEB can be installed. Installation notes can be found here. An example of the WEB frontend is available here.

RSS feed

To keep up-to-date with this channel, use the following RSS feed.

Notes

Other Extensions From the same author

Consult User Jldupont's page.


  1. The most recent release is always available through the extension's PEAR and SVN repositories. This page is not necessarily up-to-date.
  2. Extension:ExtensionManager does not require any modification to LocalSettings.php because ExtensionManager includes the extension.
    Note that if PHP code caching is in place (e.g. APC, eAccelerator), then a cache flush might be needed to successfully complete the installation.
  3. Modifications to LocalSettings.php are only necessary if not using Extension:ExtensionManager

Reason for the {{#html}} parser function

It is sometimes useful to include, in a secure fashion, a template containing 'raw html' in another page. This enables, for example, the construction of gadgets.

Through the added parameterization using {@{parameter_here}@}, these templates can be customized on a per-page basis without resorting to convoluted escape patterns (e.g. </html>{{{parameter_here}}}<html>), which make pages difficult for humans to read.

History

  • added namespace exemption functionality, i.e. namespaces where articles do not need to be protected in order to use 'html' tags
    • use SecureHTMLclass::enableExemptNamespaces = false; to turn off
    • use SecureHTMLclass::exemptNamespaces[] = NS_XYZ; to add namespaces
  • enhanced with functionality to 'add' content to the document's 'head' section
  • Removed dependency on ExtensionClass
  • Enabled for 'StubManager'
  • Added 'addExemptNamespaces' function

1.1.0

  • Added, by default, NS_MEDIAWIKI namespace to the exemptNamespaces

2.0.0

  • Addition of the parser function {{#html}}

2.1.0

Todo

  • Fix for allowing more customization of 'exempt' namespaces even when using StubManager
  • Think about renaming the extension to be more distinct from Extension:Secure HTML

See also