Re: [wikiss-users] hot-to enable HTML


Hi, JJL! Thank you, man! Tell me something: can I get XSS attacks even with an
authorial wiki site like the one I'm going to have? Look, I'm the only user
with access to editing and the Wikiss syntax.

Right. I'll try the file you sent to me and the second option. Many thanks
for that! I love Wikiss and I'm very happy you're giving continuity to the
project.

Regards
Rodrigo Molinaro

P.S.: Oh, I wanted to say "how-to", and not "hot-to", haha ha! X-D






Original Message:
-----------------
From: JJL buggerone@xxxxxxxxx
Date: Tue, 4 Mar 2008 12:29:33 +0100
To: wikiss-users@xxxxxxxxxxxxxxxxxxx
Subject: Re: [wikiss-users] hot-to enable HTML


Hello,

2008/2/29, molinaro@xxxxxxxxxxx <molinaro@xxxxxxxxxxx>:
>  but it can be HTML enabled via
>  a simple plug-in or a few command lines in the config file. Maybe I can do
>  something like that in Wikiss?
Yes, it's quite easy with a little plugin.
But you have to be aware of the risks! This can be an open door to
XSS attacks.
TigerWiki had such a feature, but I removed it to improve the security.

BTW, you'll find such a plugin attached. Copy it to the plugins dir. To
write an HTML page, add the %HTML% tag in it.
It can be improved by parsing the text and removing unwanted HTML tags.

If you want to mix HTML and wiki syntax in the same page, you'll need
another plugin.
It will have to:
* use a new syntax to delimit html
* parse $CONTENT and save html in formatBegin
* reinsert your saved html in the right places in formatEnd
Such a mechanism is already used for code insertion. See wikiss core for
that.

>  Sorry for my poor english, and very thanks for any help. ^_^
No problem, mine is poor too :)

Regards
JJL
-- 
http://kubuntu.free.fr/blog




---
http://wikiss.tuxfamily.org
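
The save-and-reinsert mechanism JJL outlines for mixing HTML with wiki syntax, combined with the tag filtering he suggests, as an added example: it is not WiKiss code, and it is written in Python rather than as a PHP plugin. The `{html}` delimiter, the allowlist, and the function names `format_begin`, `wiki_render` and `format_end` are assumptions made for illustration.

```python
import html
import re
import secrets
from html.parser import HTMLParser

ALLOWED = {"b": (), "i": (), "p": (), "br": (), "a": ("href",)}  # assumed allowlist
SAFE_URL = re.compile(r"(https?://|/|#)", re.I)   # rejects javascript:, data:, ...
BLOCK = re.compile(r"\{html\}(.*?)\{/html\}", re.S)  # hypothetical delimiter syntax

class Sanitizer(HTMLParser):  # re-emits allowlisted tags/attributes, escapes all text
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.skip = [], 0      # skip > 0 while inside <script>/<style>
    def handle_starttag(self, tag, attrs):
        self.skip += tag in ("script", "style")
        if self.skip or tag not in ALLOWED:
            return
        kept = [(k, v) for k, v in attrs if k in ALLOWED[tag] and v and SAFE_URL.match(v)]
        self.out.append(f"<{tag}" + "".join(f' {k}="{html.escape(v)}"' for k, v in kept) + ">")
    def handle_endtag(self, tag):
        if tag in ("script", "style"):
            self.skip = max(0, self.skip - 1)
        elif not self.skip and tag in ALLOWED and tag != "br":
            self.out.append(f"</{tag}>")
    def handle_data(self, data):
        if not self.skip:
            self.out.append(html.escape(data))

def sanitize(fragment):
    parser = Sanitizer()
    parser.feed(fragment)
    parser.close()
    return "".join(parser.out)

def format_begin(content):
    nonce, saved = secrets.token_hex(8), []   # per-render nonce: markers are unguessable
    def stash(match):
        saved.append(sanitize(match.group(1)))
        return f"\x00{nonce}:{len(saved) - 1}\x00"
    # NUL bytes are stripped first so page text can never contain a marker.
    return BLOCK.sub(stash, content.replace("\x00", "")), nonce, saved

def wiki_render(text):  # stand-in for the wiki's own pass: escape, then **bold**
    return re.sub(r"\*\*(.+?)\*\*", r"<b>\1</b>", html.escape(text))

def format_end(rendered, nonce, saved):
    return re.sub(f"\x00{nonce}:(\\d+)\x00", lambda m: saved[int(m.group(1))], rendered)

def render_page(content):
    stripped, nonce, saved = format_begin(content)
    return format_end(wiki_render(stripped), nonce, saved)
```

Markup outside the delimiters is still escaped by the wiki pass, so only the sanitized blocks reach the page as HTML.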

