Jump to content

Manual:$wgRawHtml

From mediawiki.org
This page is a translated version of the page Manual:$wgRawHtml and the translation is 9% complete.
HTML: $wgRawHtml
Allow raw, unchecked HTML in ‎<html>...‎</html> sections.
Sürümde tanıtıldı:1.3.4
Sürümde kaldırıldı:hala kullanımda
İzin verilen değerler:(boole)
Varsayılan değer:false

Details

Insert $wgRawHtml = true; into the file LocalSettings.php in your main MediaWiki directory and the wiki will allow you to insert raw unchecked HTML. However, you must embed your html within the ‎<html>...‎</html> tags so that MediaWiki can differentiate it.

Uyarı Uyarı: This is very dangerous on a publicly editable site, because it allows for arbitrary JavaScript code to be inserted, opening the door for session hijacking. Thus, you shouldn't enable RawHtml unless you've restricted editing to trusted users only with $wgGroupPermissions . See Manual:Preventing access for more information on restricting write access.
This option does not affect how wikicode outside of ‎<html>...‎</html> tags is handled.
MediaWiki sürümü:
1.29

Since MediaWiki 1.29, the raw HTML tag has no effect in namespace 8 (MediaWiki): phabricator:T156184.

Is enabling raw HTML necessary?

Some HTML tags are permitted in wikitext, even with $wgRawHtml = false. See Help:Vikimetinde HTML . The vast majority of fancy formatting seen on Wikimedia sites is achieved using these limited tags (e.g. tables with CSS style tags). If you can make do with these limitations (leave $wgRawHtml = false), your wiki will be more secure.

Also note that the "limited" wiki syntax is actually a deliberate design feature of wikis. It is a compact simplified markup which is easily understood even by non-technical users, easily visualised in diff displays, and discourages stylistic tinkering in favor of getting on with writing useful/interesting text.

There are a number of extensions which promise to allow more HTML flexibility, while improving the security situation. Some require setting $wgRawHtml = true in conjunction with using the extension, while others offer an alternative.


Extension Status Description
Extension:HTMLets unmaintained $wgRawHtml = false; ile önceden tanımlanmış HTML pasajlarına izin verir
Extension:HTML Tags stable viki ayarlarında tanımlanan bir dizi etiket ve özellikten HTML eklenmesine olanak tanır
Extension:Secure HTML unmaintained html bölümleri için 'Gizli anahtar' koruması ekler
Extension:SaferHTMLTag stable, has known security vulnerability prevents editing of pages that contain the ‎‎<html> tag by unauthorized users and groups
Extension:HTMLPurifier beta allows users to input raw HTML by using HTML Purifier to sanitize it
Extension:Widgets stable isteğe bağlı parametrelerle HTML ve JavaScript tabanlı "widgets" tanımlanmasına olanak tanır
Extension:HTMLTemplates experimental Creates a new HTMLTemplate namespace like normal templates except written in html. Parameters are automatically escaped in a context sensitive manner


Another way get custom HTML appearing within your wiki articles is to develop your own tag extension. Do not be tempted to develop an extension which allows arbitrary HTML, otherwise the same serious security issues apply as with setting $wgRawHtml = true.