Hi, Actually please hold on with switching to different solution on pages which use TabView extension. I'm going to fix JavaScript injection problems ASAP (today) and then will let you know.
Inez Jesús Martínez pisze: > Just FYI to who were using the TabView extension, it has been > disabled, so the markup is now showing on the pages where is used. > > The reason is the JavaScript injection that anyone could produce with > it. The first param was injected without any escape inside a <script> > section of the HTML, so you can imagine what could be done with it: > since showing an alert() to include an entire external JavaScript file > that could thief your cookies or load in a frame the > [[Special:Userlogin]] and send your password remotely (if your browser > stores it). > > > If someday wikia enables an improved version of this extension, PLEASE > do something like the param indicating the page to load is the title > of the article, not a url, and check it with MediaWiki so if it > doesn't exist displays a red link or something. This is the proper way > of doing things. > > What was doing now could be done with some javaScript in Common.js, so > a replacement of this extension could be done without much effort and > without a need of a extension install. > > As an idea: > <http://www.wikia.com/wiki/User:Ciencia_Al_Poder/Embed_Quick_Time_Movies.js> > what means: a <div> with a specific class="" attribute. Inside, a list > of links, preferably of the form [[Link|Text]] so you can make sure > only internal links are parsed and the problem of the TabView > extension gets solved. > > Cheers. > > > 2007/8/17, Inez Korczyński wrote: >> Hi, >> >> I just create new extension - TabView. >> It allow to create dynamic tabs inside article page. >> >> Example: http://toys.wikia.com/wiki/TabViewTest >> CSS for that example is at the end of: >> http://toys.wikia.com/wiki/MediaWiki:Common.css >> >> About syntax: >> >> tag parameters: >> id - (optional) postfix for root div for tab >> title - (optional) title showed above tabs >> >> inside parameters: >> 1st - tab name >> 2nd - url to article with content to display (remember about action=render) >> 3nd - (optional) cache content - false/true >> 4nd - (optional) active tab - false/true >> >> That extension use YUI library module called TabView: >> http://developer.yahoo.com/yui/tabview/ >> >> Feel free to play with it, I'm waiting for feedback and remember that >> extension is in beta version. >> >> Inez >> >> _______________________________________________ >> Wikia-l mailing list >> [email protected] >> http://lists.wikia.com/mailman/listinfo/wikia-l >> > _______________________________________________ > Wikia-l mailing list > [email protected] > http://lists.wikia.com/mailman/listinfo/wikia-l > _______________________________________________ Wikia-l mailing list [email protected] http://lists.wikia.com/mailman/listinfo/wikia-l
