Menu
▾
▴
Re: [Phpwiki-talk] Transclusion plugin
|
From: Jeff D. <da...@da...> - 2002-09-21 16:08:58
|
On Thu, 19 Sep 2002 13:12:28 +0100 Lawrence Akka <la...@us...> wrote: > Name: What on earth is transclusion? I see it as indicating inclusion from some other published source. As such having a different word for it is useful. The term "tranclusion" did not come out of nowhere. It seems to be the invention of Ted Nelson, who says he concieved of the idea in 1960(!). (It is currently a key component of his Xanadu system.) http://www.almaden.ibm.com/almaden/npuc97/1996/tnelson.htm http://www.wikipedia.com/wiki/Hypertext/Transclusion http://xanadu.com/xuvision.html http://seed.cs.colorado.edu/dynagloss.makeGlossPage.fcgi$Term=Transclusion http://www.zerohour.net/~reed/wri/hypertext/xanadu/transclusion.html > It just sounds a bit silly to me. What's wrong with "Include"? I > thought wiki was supposed to be easy to use/intuitive :-) Again, I have not beef with "Include", but I have brainwashed into accepting "Transclude" as a more specific term. > Recursion: Whilst it is relatively easy (I guess) to detect if a page > includes itself, what if a page1 includes page2 includes page1 ... Yes that's a problem. > Actually, this same problem applies to the Redirect plugin - see: > http://phpwiki.sourceforge.net/demo/en/RedirectLoop. Possibility for > DoS attacks? Less of a problem. Or, what I mean is: that can (and will, eventually) be fixed. A couple options on how to fix that: 1. The UseMod solution. When redirecting add a "redirected from" query arg. This is used to display a "Redirected from ..." message on the target page. Also, we can refuse to redirect more than once, so if a request already has a "redirected from" query, dont redirect again. (We need a way to disable redirection anyway, so as to be able to view/edit the original page. e.g. the "Redirected from OtherPage" message should include a link to the redirecting page with redirection disabled...) 2. "Internal redirect": Don't actually issue an HTTP redirect, but just treat the request like it was a request for the other page. Then we have complete knowledge of the "redirect" history, and can avoid loops that way... (This should probably be named Alias instead of Redirect.) > Bad scripts: Security problems if A Bad User can include all sorts of > html in a wiki page? Isn't this why we don't generally allow raw html Maybe... not sure, err ... probably. Can anyone give examples? It could be we do need to treat Transclusion like raw html. Enabled on locked pages only, etc... (Of course, once we have real user authentication, that constraint will need to become more flexible...) > Two plugins: Can we merge the IncludePage plugin with this one in some > way? We could. From the user's point of view, they are quite similar. I'm not sure it's a good idea though. The inner workings of the two mechanisms are, however, quite different. And, as you point out, Transclusion (at least in its current form) is frought with numerous perils. Keeping them in separate plugins emphasizes to users how different the two are, in spite of the fact they produce similar results. (Also, it makes it easy to disable transclusion: delete the plugin...) The reason I wrote the Transclusion plugin was not that I'm so crazy about Trans-/In-clusion, but rather as a, IMHO, cleaner alternative to Reini's FrameInclude. (Note that the recursion and security issues listed above pertain equally to the FrameInclude plugin.) I'm hoping to convince Reini at some point that we can do without the FrameInclude plugin and it's little hooks all over the PhpWiki code... (The one drawback I see of Transclusion over FrameInclude is that it doesn't work with older browsers...) |
