Isn't it a very significant security risk to allow users to write arbitrary javascript that could get shown to every other wiki user who visits the site? If this is a public wiki we're talking about that allows free registration, this would be something you simply cannot allow.
Larry Silverman Chief Technology Officer TrackAbout, Inc. On Wed, Sep 3, 2014 at 7:46 AM, Myname To <[email protected]> wrote: > hello, can you please help me with this: > > > > > I recently installed mediawiki on Centos6.5 and after following the > instructions for adding HTML and JS to > wikipages: > http://www.mediawiki.org/wiki/Adding_HTML_to_wiki_pages (the page was > last modified on 22 August 2014, at 21:10.) > > I can't use no simple javascript with wikimedia ... > > First I checked in LocalSettings.php: > > $wgUseSiteJs = true; > $wgAllowUserJs = true; > $wgAllowUserCss = true; > > My Mediawiki is completely empty so I put Inside > MediaWiki:YourScript.js nothing else than: > > var helloWorld = document.getElementById('helloWorldID'); > newPageElement.innerHTML = '<script type="text/javascript"> > document.write('<b>Hello World</b>'); > </script>'; > > also in MediaWiki:Common.js I have just one single code: > > importScript('MediaWiki:YourScript.js'); > > and for the Template:helloWorld I did only that: > <div id="helloWorldID"></div> > > and in MediaWiki:YourScript it stand one word: > {{helloWorld}} > > ... nothing happens (also after refresh, shift f5 etc.) > _______________________________________________ > MediaWiki-l mailing list > To unsubscribe, go to: > https://lists.wikimedia.org/mailman/listinfo/mediawiki-l > _______________________________________________ MediaWiki-l mailing list To unsubscribe, go to: https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
