Extension:SaferHTMLTag
Appearance
Warning: The code or configuration described here poses a major security risk. Site administrators: You are advised against using it until this security issue is resolved. Problem: The html tag check can be bypassed by obfuscating the html tag, leading to a false sense of security. See https://github.com/Wikimedica/mediawiki-extensions-SaferHTMLTag/issues/5 |
SaferHTMLTag Release status: stable |
|
---|---|
Implementation | Tag , User rights |
Description | Allows only sysops and certain user groups to edit pages containing the <html> tag. |
Author(s) | Antoine Mercier-Linteau (Tinsstalk) |
Latest version | 0.4 (2024-02-19) |
Compatibility policy | Master maintains backward compatibility. |
MediaWiki | 1.35+ |
License | GNU General Public License 2.0 or later |
Download | GitHub: Note: README |
edit-html |
|
The SaferHTMLTag extension prevents edition of pages that contain the <html>
tag by unauthorized users and groups.
Installation
[edit]- Download, extract and place the file(s) in a directory called
SaferHTMLTag
in yourextensions/
folder. - Add the following code at the bottom of your LocalSettings.php file:
wfLoadExtension( 'SaferHTMLTag' );
- Done â Navigate to Special:Version on your wiki to verify that the extension is successfully installed.
Enabling for a group
[edit]To enable for a group (eg: sysops), add the following to you LocalSettings.php file:
$wgGroupPermissions['sysop']['edit-html'] = true; // Enable in-wiki HTML editing for sysops.
See also
[edit]- Extension:Secure_HTML - Lets you include arbitrary HTML in an authorized and secure way.
Categories:
- Extensions with security vulnerabilities
- Stable extensions
- Tag extensions
- User rights extensions
- GPL licensed extensions
- Extensions in GitHub version control
- Extensions which add rights
- EditPage::showEditForm:initial extensions
- TitleGetEditNotices extensions
- EditFilterMergedContent extensions
- GetUserPermissionsErrors extensions
- All extensions