Requests for comment/Disable raw HTML on wikimediafoundation.org
This is a request for comment regarding disabling raw HTML ($wgRawHtml) on wikimediafoundation.org.
Disable raw HTML on wikimediafoundation.org | |
---|---|
Component | General |
Creation date | |
Author(s) | MZMcBride |
Document status | Implemented. See Phabricator. |
Background
Currently wikimediafoundation.org allows raw HTML. This presents a number of problems:
- code reusability is more difficult (most wikis wisely choose not to enable raw HTML);
- it's a huge attack vector; and
- enabling raw HTML inhibits the (open) wiki model.
Resolution
Search for instances of raw HTML on the wiki, evaluate them, and replace them with regular wikimarkup or specialized (safe) code. Once all the raw HTML is scrubbed, disable $wgRawHtml and profit!
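The search-and-evaluate step can be scripted. The following is an added example, not code from this RFC or from Wikimedia; it assumes page wikitext has already been exported into a dict, that raw HTML appears as `<html>...</html>` blocks (the tag MediaWiki honours when $wgRawHtml is on), and the triage rules and sample pages are constructed for illustration.

```python
import re

# One left-to-right pass: whichever tag opens first wins, so an <html> shown
# inside <nowiki>, <pre> or an HTML comment is documentation, not a live block.
TOKEN = re.compile(r"<!--.*?-->|<(nowiki|pre|html)\b[^>/]*>(.*?)</\1\s*>", re.I | re.S)

# Hypothetical triage rules: constructs that have no plain-wikimarkup equivalent.
ACTIVE = {
    "script": re.compile(r"<script\b", re.I),
    "event-handler": re.compile(r"\son\w+\s*=", re.I),
    "javascript-url": re.compile(r"javascript\s*:", re.I),
    "embed": re.compile(r"<(iframe|object|embed)\b", re.I),
    "form": re.compile(r"<(form|input|button)\b", re.I),
}

def find_raw_html(wikitext):
    """Return (line_number, body) for each <html> block the parser would render."""
    return [(wikitext.count("\n", 0, m.start()) + 1, m.group(2))
            for m in TOKEN.finditer(wikitext)
            if (m.group(1) or "").lower() == "html"]

def audit(pages):
    """pages maps title -> wikitext. Blocks with active content sort first."""
    findings = []
    for title, text in pages.items():
        for line, body in find_raw_html(text):
            hits = sorted(k for k, rx in ACTIVE.items() if rx.search(body))
            verdict = "needs safe replacement" if hits else "convert to wikimarkup"
            findings.append((title, line, verdict, hits))
    return sorted(findings, key=lambda f: (not f[3], f[0], f[1]))

# Constructed sample pages (not real wiki content).
SAMPLE_PAGES = {
    "Donate": 'Intro\n<html><form action="/give"><input name="amt"></form></html>\n',
    "Home": '<html><div style="color:red"><b>Welcome</b></div></html>',
    "Help:Markup": "Use <nowiki><html><script>x()</script></html></nowiki> to embed.\n"
                   "<!-- <html>old</html> -->",
    "Press": 'Line one\nLine two\n<html><a href="#" onclick="track()">PDF</a></html>',
}

if __name__ == "__main__":
    for title, line, verdict, hits in audit(SAMPLE_PAGES):
        print(f"{title}:{line}: {verdict} {hits}")
```

Blocks flagged "convert to wikimarkup" contain only presentational markup; the others need a reviewed, specialized replacement before $wgRawHtml is turned off.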