UseModWiki | RecentChanges | Preferences

UseMod can be configured to allow/deny the use of HTML at two levels.

1. The option $HtmlTags controls whether to allow tags defined by two arrays:

2. The option $RawHtml (I think) allows unrestricted HTML.(please correct me if I am wrong...)

Wiki Health Warning

The $RawHtml option is very dangerous in a wiki that is editable by the unknown Internet user. Any hostile person (and there are such sad specimens around) can drop any Javascript code onto a page, and for anyone loading a page with Javascript enabled they will not know what has happened till after the code has run.

My advice would be to keep this option only for use on a readonly site where you trust all the people with edit/admin status.(Do you ever really trust people)?

Note**** I have been experimenting with getting javascript to run within a page (<script type="text/javascript" src="http://www.furl.net/jsLatest.jsp?id=??????"></script>) and enabling RawHTML does work, but adding script to the list of tags in those defined in @HtmlPairs and enabling $HtmlTags does not seem to work.

UseModWiki | RecentChanges | Preferences
Edit text of this page | View other revisions | Search MetaWiki
Last edited October 21, 2007 8:14 pm by JuanmaMP (diff)