Extension:NamespaceHTML
Warning: The code or configuration described here poses a major security risk. Site administrators: You are advised against using it until this security issue is resolved. Problem: Namespace detection code can be tricked allowing raw html to be unsafely executed. This is possible even for attackers who do not have any edit rights. Bawolff (talk) 04:17, 13 February 2023 (UTC) Solution: Use a different extension like extension:Widgets Bawolff (talk) 04:17, 13 February 2023 (UTC) |
A request to archive this extension has been made on Phabricator. See task T360235 for the archival request and the rationale for the request, and to leave comments about the request. |
This extension is currently not actively maintained! Although it may still work, any bug reports or feature requests will more than likely be ignored. If you are interested in taking on the task of developing and maintaining this extension, you can request repository ownership. As a courtesy, you may want to contact the author. You should also remove this template and list yourself as maintaining the extension in the page's {{Extension }} infobox. |
NamespaceHTML Release status: unmaintained |
|
---|---|
Implementation | Tag |
Description | Allows raw HTML in specified namespaces |
Author(s) | Ike Hecht (tosfostalk) |
Latest version | 0.4 () |
Compatibility policy | For every MediaWiki release that is a Long Term Support release there is a corresponding branch in the extension. |
MediaWiki | 1.35, 1.39 |
Database changes | No |
License | GNU General Public License 2.0 or later |
Download | |
$wgRawHtmlNamespaces |
|
<html> |
|
Quarterly downloads | 2 (Ranked 140th) |
Translate the NamespaceHTML extension if it is available at translatewiki.net | |
Issues | Open tasks · Report a bug |
The NamespaceHTML extension allows raw HTML in specified namespaces. It is intended to work just like the $wgRawHtml setting. The difference is that this extension allows specifying which namespace(s) should be able to contain raw HTML, which allows administrators to restrict raw HTML to namespaces with sufficient edit protections.
This extension was created for WikiWorks.
Usage edit
Embed raw html within <html>...</html>
tags.
See Manual:$wgRawHtml for more information.
As a template edit
The extension allows inclusion from namespaces where HTML is allowed to namespaces where HTML is not. You can create a custom script namespace and allow HTML in that namespace. Then you can create pages in the script namespace that contain safe scripts which can be transcluded into any page.
Technically, you can use the #tag parser function to pass parameters to the template. See here for an example. However, it is a better idea to use the Widgets extension for that.
Widget examples edit
- To add a Pinterest feed: Extension:NamespaceHTML/Pinterest Widget
Installation edit
- Download and move the extracted
NamespaceHTML
folder to yourextensions/
directory.
Developers and code contributors should install the extension from Git instead, using:cd extensions/
git clone https://gerrit.wikimedia.org/r/mediawiki/extensions/NamespaceHTML - Add the following code at the bottom of your LocalSettings.php file:
wfLoadExtension( 'NamespaceHTML' );
- Configure as required.
- Note:
$wgRawHtmlNamespaces = [];
must be configured, see below. - Done – Navigate to Special:Version on your wiki to verify that the extension is successfully installed.
Configuration edit
- $wgRawHtmlNamespaces
- List of the namespaces where raw HTML should be enabled. See this page for more information about namespace constants. For example:
# allow raw HTML but only in the Project: & User: namespaces $wgRawHtmlNamespaces = [ NS_PROJECT, NS_USER ];
See also edit
- HTML restriction - list of extensions that allow for the inclusion of raw HTML
- Extension:Secure HTML - adds "secret key" protection for html sections
- Extension:SaferHTMLTag - allows only sysops and certain user groups to edit pages containing the
<html>
tag - Extension:HTMLets - Serves HTML from server files