On Mon, Nov 17, 2008 at 10:55 AM, Rick Vanderveer <[EMAIL PROTECTED]> wrote:
> Hey Waqas,
> After struggling for a long time, we were never able to get the EmbedObject
> macro to work reliably or predictably. We finally gave up and just escape
> to raw html. You need to download a 'raw' parser, as the built-in html
> parser doesn't allow full media control. This is fine for internal-only
> wikis like ours, but if your wiki is public-facing it is highly advised not
> to use the raw macro (since a knowledgeable user can use it to write
> virtually any code they want, which can be dangerous).

Creating macros isn't hard, so instead of using RAW another option is to just create a macro that accepts a single param (the url to the media file) and then writes the necessary HTML. If you suitably check/sanitize the URL then it should be safe for public wikis too. Better yet would be to accept a relative url and let your macro prepend the domain name. Someone in my company wrote a macro like this for displaying graphs.

My concern with the RAW, even in a closed wiki, isn't necessarily malicious users but clueless/naive users. It's the age-old "blunt instrument" analogy. Soon you'll have your users putting <blink> tags in your wiki. :-/

--
Matthew Nuzum
newz2000 on freenode
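
The single-parameter macro suggested in the reply above, sketched as an added example (not code from the thread or from MoinMoin): it accepts only a relative path, checks it against an allow-list, and prepends the domain itself. `MEDIA_BASE`, the allowed extensions, the hypothetical file name `Media.py` and the HTML5 `<audio>`/`<video>` output are assumptions; `execute(macro, args)` is the MoinMoin 1.x macro entry point.

```python
import html
import posixpath
import re

# Assumptions for this example (none of these come from the thread):
MEDIA_BASE = "https://wiki.example.org/media/"  # placeholder domain the macro prepends
ALLOWED_EXT = {".mp3": "audio", ".ogg": "audio", ".mp4": "video", ".webm": "video"}
# Allow-list of path characters: no ":", "%", quotes, "<", ">", backslash or leading "/",
# so the argument can never carry its own scheme or host, or break out of the attribute.
SAFE_PATH = re.compile(r"[A-Za-z0-9_][A-Za-z0-9_./-]*")


def build_media_html(arg):
    """Return an <audio>/<video> tag for a relative media path, or None if rejected."""
    path = (arg or "").strip()
    if len(path) > 200 or not SAFE_PATH.fullmatch(path):
        return None
    # No empty, "." or ".." segments, so the path cannot climb out of MEDIA_BASE.
    if any(seg in ("", ".", "..") for seg in path.split("/")):
        return None
    tag = ALLOWED_EXT.get(posixpath.splitext(path)[1].lower())
    if tag is None:
        return None
    # Escape on output as well, even though the allow-list already excludes markup.
    src = html.escape(MEDIA_BASE + path, quote=True)
    return '<%s controls src="%s"></%s>' % (tag, src, tag)


def execute(macro, args):
    """MoinMoin 1.x macro entry point (hypothetical macro file: Media.py)."""
    markup = build_media_html(args)
    if markup is None:
        # formatter.text() escapes its argument, so the error is inert text.
        return macro.formatter.text("[Media: invalid or disallowed path]")
    return macro.formatter.rawHTML(markup)
```

Because the macro builds the full URL and the tag itself, wiki editors control only a file name under the media directory, which is what makes this safer than exposing the raw parser.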