Re: [wikiss-users] hot-to enable HTML


Hi, JJL! Thank you, man! Say something: can I get XSS attacks even with an
authorial wiki site like the one I'm going to have? Look, I'm the only user
with access to the editing and the Wikiss syntax.

Right. I'll try the file you sent me and the second option. Many thanks
for that! I love Wikiss and I'm very happy you're giving continuity to the

Rodrigo Molinaro

P.S.: Oh, I wanted to say "how-to", and not "hot-to", haha ha! X-D

Original Message:
From: JJL buggerone@xxxxxxxxx
Date: Tue, 4 Mar 2008 12:29:33 +0100
To: wikiss-users@xxxxxxxxxxxxxxxxxxx
Subject: Re: [wikiss-users] hot-to enable HTML


2008/2/29, molinaro@xxxxxxxxxxx <molinaro@xxxxxxxxxxx>:
>  but it can be HTML enabled via
>  a simple plug-in or a few command lines in the config file. Maybe I can do
>  something like that in Wikiss?
Yes, it's quite easy with a little plugin.
But you have to be aware of the risks! This can be an open door to
XSS attacks.
TigerWiki had such a feature, but I removed it to improve the security.

BTW, you'll find such a plugin attached. Copy it to the plugins dir. To
write an HTML page, add the %HTML% tag in it.
It can be improved by parsing the text and removing unwanted html tags.

If you want to mix HTML and wiki syntax in the same page, you'll need
another plugin.
It will have to:
* use a new syntax to delimit html
* parse $CONTENT and save html in formatBegin
* reinsert your saved html in the right places in formatEnd
Such a mechanism is already used for code insertion. See wikiss core for

>  Sorry for my poor English, and many thanks for any help. ^_^
No problem, mine is poor too :)
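
The save-and-reinsert mechanism and the "remove unwanted html tags" improvement described in the message above, as an added example; it is not the attached plugin and not WiKiss core code. The `{html}...{/html}` delimiter, the class name, the tag allowlist and the method signatures are assumptions, and `htmlspecialchars()` stands in for the wiki formatter.

```php
<?php
// Added sketch, not WiKiss code. Delimiter, class name and allowlist are
// assumptions; only the formatBegin/formatEnd split comes from the mail.
class HtmlBlocks
{
    private const ALLOWED = 'b|i|em|strong|p|ul|ol|li|br|h2|h3';
    private array $saved = [];
    private string $nonce;

    public function __construct()
    {
        // Per-render random marker so page text cannot forge a placeholder.
        $this->nonce = bin2hex(random_bytes(8));
    }

    // Escape everything, then restore only bare allowlisted tags (no attributes).
    private function sanitize(string $html): string
    {
        $escaped = htmlspecialchars($html, ENT_QUOTES, 'UTF-8');
        return preg_replace('#&lt;(/?)(' . self::ALLOWED . ')\s*/?&gt;#i', '<$1$2>', $escaped);
    }

    // Before wiki formatting: cut out each HTML block and leave a placeholder.
    public function formatBegin(string $content): string
    {
        return preg_replace_callback('#\{html\}(.*?)\{/html\}#s', function (array $m): string {
            $this->saved[] = $this->sanitize($m[1]);
            return '@@' . $this->nonce . '-' . (count($this->saved) - 1) . '@@';
        }, $content);
    }

    // After wiki formatting: put the sanitized blocks back in place.
    public function formatEnd(string $content): string
    {
        return preg_replace_callback('#@@' . $this->nonce . '-(\d+)@@#', function (array $m): string {
            return $this->saved[(int) $m[1]] ?? '';
        }, $content);
    }
}

// Constructed sample page mixing wiki text and an HTML block.
$page = "Intro & text\n{html}<p>Hi <b>there</b></p><a href='javascript:x()'>link</a><script>x()</script>{/html}\nEnd";
$plugin = new HtmlBlocks();
$out = $plugin->formatEnd(htmlspecialchars($plugin->formatBegin($page), ENT_QUOTES, 'UTF-8'));
echo $out, "\n";
```

Because the block is escaped first and only exact bare tags are restored, any tag carrying attributes, and any tag outside the allowlist, is rendered as visible text instead of markup.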