Extension:SaferHTMLTag
 | Warning: The code or configuration described here poses a major security risk. Site administrators: You are advised against using it until this security issue is resolved. Problem: The html tag check can be bypassed by obfuscating the html tag, leading to a false sense of security. See https://github.com/Wikimedica/mediawiki-extensions-SaferHTMLTag/issues/5 |
 Release status: stable |
|
|---|---|
| Implementation | Tag, User rights |
| Description | Allows only sysops and certain user groups to edit pages containing the <html> tag. |
| Author(s) | Antoine Mercier-Linteau (Tinsstalk) |
| Latest version | 0.4 (2024-02-19) |
| Compatibility policy | Master maintains backward compatibility. |
| MediaWiki | 1.35+ |
| License | GNU General Public License 2.0 or later |
| Download | GitHub: Note: README |
|
edit-html |
|
The SaferHTMLTag extension prevents edition of pages that contain the <html> tag by unauthorized users and groups.
Installation
[edit]- Download, extract and place the file(s) in a directory called
SaferHTMLTagin yourextensions/folder. - Add the following code at the bottom of your LocalSettings.php file:
wfLoadExtension( 'SaferHTMLTag' );
Done – Navigate to Special:Version on your wiki to verify that the extension is successfully installed.
Enabling for a group
[edit]To enable for a group (eg: sysops), add the following to you LocalSettings.php file:
$wgGroupPermissions['sysop']['edit-html'] = true; // Enable in-wiki HTML editing for sysops.
See also
[edit]- Extension:Secure_HTML - Lets you include arbitrary HTML in an authorized and secure way.
Categories:
- Extensions with security vulnerabilities
- Stable extensions
- Tag extensions
- User rights extensions
- GPL licensed extensions
- Extensions in GitHub version control
- Extensions which add rights
- EditPage::showEditForm:initial extensions
- TitleGetEditNotices extensions
- EditFilterMergedContent extensions
- GetUserPermissionsErrors extensions
- All extensions