Re: [Semediawiki-user] Minor problem with #info function.

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Here is the patch. 

1. I used Validator to validate #info parameters. I see Validator is
already used in SMW, so it should not be a problem.

2. New #info syntax is:

{{ #info: message=... | icon=... | escape=... }}

Defaults: icon=info, escape=yes. message is also recognized as the first
positional argument, icon -- as the second for backward compatibility.

3. I removed using global $wgTitle global variable, because it declared
deprecated. Title of current page can be retrieveb through parser.

4. I think everything is ok with non-escaped output, because I did some
testing:

a. <span class="error">...</span> passed to HTML and influence
formatting.
b. At the same time, <a href="...">...</a> is escaped: tags are
displayed literally, but content of href attribute is recognized and
formatted as external link. 

It seems result of #info function is processed by parser.

5. The only thing I am worry about is initialization. Since SMWInfo is a
descendant of Validator's ParserHook now... Please check initialization
carefully.

Thanks,
Van.

On Mon, 2011-10-10 at 22:38 +0000, Jeroen De Dauw wrote:
> Hey,
> 
> It'd indeed be nice if markup could be embedded here. However, we need
> to be careful with the removing of any escaping, to avoid creating
> script insertion vulnerabilities and the like. Instead of escaping,
> the text could be passed to the parser, which will then remove
> anything that should not be in the text. I don't have time right now
> to really look into this, but if you create a patch, I'll try to
> review it :)
> 
> Cheers
> 
> --
> Jeroen De Dauw
> http://www.bn2vs.com
> Don't panic. Don't be evil.
> --

Re: [Semediawiki-user] Minor problem with #info function.

Lets you store and query data within the wiki's pages.

Re: [Semediawiki-user] Minor problem with #info function.