[Moin-user] Embedded Video and svg images

Matthew Nuzum newz at bearfruit.org
Mon Nov 17 12:16:08 EST 2008


On Mon, Nov 17, 2008 at 10:55 AM, Rick Vanderveer
<rick.vanderveer at gmail.com> wrote:
> Hey Waqas,
> After struggling for a long time, we were never able to get the EmbedObject
> macro to work reliably or predictably.  We finally gave up and just escape
> to raw html.  You need to download a 'raw' parser, as the built-in html
> parser doesn't allow full media control. This is fine for internal-only
> wikis like ours, but if your wiki is public-facing it is highly advised not
> to use the raw macro (since a knowledgeable user can use it to write
> virtually any code they want, which can be dangerous).

Creating macros isn't hard, so instead of using RAW another option is
to just create a macro that accepts a single param (the url to the
media file) and then writes the necessary HTML. If you suitably
check/sanitize the URL then it should be safe for public wikis too.

Better yet would be to accept a relative url and let your macro
prepend the domain name. Someone in my company wrote a macro like this
for displaying graphs.

My concern with the RAW, even in a closed wiki, isn't necessarily
malicious users but clueless/naive users. It's the age-old "blunt
instrument" analogy. Soon you'll have your users putting <blink> tags in
your wiki. :-/

-- 
Matthew Nuzum
newz2000 on freenode
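
Added example, not part of the original message and not MoinMoin's own code: a sketch of the macro approach described above, taking one relative path, validating it, prepending a fixed base URL and emitting only escaped HTML. The base URL, the extension allow-list, the `<video>` markup and the macro name are assumptions; the `execute(macro, args)` entry point and `formatter.rawHTML` follow the MoinMoin 1.x macro convention as assumed here.

```python
import html
import posixpath
import re
from urllib.parse import quote, unquote

# Constructed placeholder: the only origin the macro will ever link to.
MEDIA_BASE = "https://media.example.org/wiki-media/"
# Allow-list of media types; anything else (html, svg, js, ...) is refused.
ALLOWED_EXT = {".ogv": "video/ogg", ".mp4": "video/mp4", ".webm": "video/webm"}
# Plain relative paths only: no scheme, no leading slash or dot, no quotes,
# no spaces, no percent signs left after one round of decoding.
SAFE_PATH = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._/-]*$")


def media_url(arg):
    """Map the macro argument to (absolute_url, mime_type) or raise ValueError."""
    path = unquote((arg or "").strip())
    if not SAFE_PATH.match(path):
        raise ValueError("only plain relative paths are accepted")
    # Reject traversal and empty segments such as a/../b or a//b.
    if any(seg in ("", ".", "..") for seg in path.split("/")):
        raise ValueError("path segments may not be empty, '.' or '..'")
    ext = posixpath.splitext(path)[1].lower()
    if ext not in ALLOWED_EXT:
        raise ValueError("file type is not on the allow-list")
    return MEDIA_BASE + quote(path), ALLOWED_EXT[ext]


def render_media(arg):
    """Return the HTML for the macro; user input is never echoed back."""
    try:
        url, mime = media_url(arg)
    except ValueError as exc:
        return '<strong class="error">EmbedMedia: %s</strong>' % html.escape(str(exc))
    return '<video controls><source src="%s" type="%s"></video>' % (
        html.escape(url, quote=True), mime)


def execute(macro, args):
    # Assumed MoinMoin 1.x macro entry point (hypothetical macro "EmbedMedia").
    return macro.formatter.rawHTML(render_media(args))
```

Because the macro writes the domain itself and accepts nothing but an allow-listed relative path, an editor cannot point the page at another host or break out of the attribute, which is what the RAW parser leaves open.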



