On Tue, Jul 30, 2002 at 02:38:07AM -0800, Brion VIBBER wrote:
> Jan.Hidders wrote:
>
> >Are the <nowiki> tags still needed in the script? I'm asking this because
> >1. I'm having trouble getting them into the formal syntax
> >
> Of course they're still needed! How else are we supposed to include wiki
> markup as text in a wikipage that's not overly burdenson? (ie, using
> numeric character entities instead of special wiki symbols.)
So we only need them for the FAQs? :-) But I see your point.
> >2. They are a bit of a security risc because the allow users to get things
> >like javascript on a page.
> >
> If that's the case, that's a serious bug. <nowiki> should mean no *wiki*
> markup interpretation, not no *HTML* safeguarding.
Yup, I tried it on my Sandbox, look at the bottom:
http://www.wikipedia.com/wiki/User:Jan_Hidders/Sandbox At the moment I don't understand Lee's code enough to say if there is any
HTML safeguarding going on in the <nowiki> parts, but as far as I can tell
there isn't.
But this can be remedied fairly easy, just replace all the <'s and >'s with
their corresponding entities in the <nowiki> parts. That's even correct in
some sense because we consider HTML as part of the wiki markup. :-/
Lee, should I make a bug report of this?
-- Jan Hidders