Just FYI to who were using the TabView extension, it has been disabled, so the markup is now showing on the pages where is used.
The reason is the JavaScript injection that anyone could produce with it. The first param was injected without any escape inside a <script> section of the HTML, so you can imagine what could be done with it: since showing an alert() to include an entire external JavaScript file that could thief your cookies or load in a frame the [[Special:Userlogin]] and send your password remotely (if your browser stores it). If someday wikia enables an improved version of this extension, PLEASE do something like the param indicating the page to load is the title of the article, not a url, and check it with MediaWiki so if it doesn't exist displays a red link or something. This is the proper way of doing things. What was doing now could be done with some javaScript in Common.js, so a replacement of this extension could be done without much effort and without a need of a extension install. As an idea: <http://www.wikia.com/wiki/User:Ciencia_Al_Poder/Embed_Quick_Time_Movies.js> what means: a <div> with a specific class="" attribute. Inside, a list of links, preferably of the form [[Link|Text]] so you can make sure only internal links are parsed and the problem of the TabView extension gets solved. Cheers. 2007/8/17, Inez Korczyński wrote: > Hi, > > I just create new extension - TabView. > It allow to create dynamic tabs inside article page. > > Example: http://toys.wikia.com/wiki/TabViewTest > CSS for that example is at the end of: > http://toys.wikia.com/wiki/MediaWiki:Common.css > > About syntax: > > tag parameters: > id - (optional) postfix for root div for tab > title - (optional) title showed above tabs > > inside parameters: > 1st - tab name > 2nd - url to article with content to display (remember about action=render) > 3nd - (optional) cache content - false/true > 4nd - (optional) active tab - false/true > > That extension use YUI library module called TabView: > http://developer.yahoo.com/yui/tabview/ > > Feel free to play with it, I'm waiting for feedback and remember that > extension is in beta version. > > Inez > > _______________________________________________ > Wikia-l mailing list > [email protected] > http://lists.wikia.com/mailman/listinfo/wikia-l > _______________________________________________ Wikia-l mailing list [email protected] http://lists.wikia.com/mailman/listinfo/wikia-l
