I agree with DanTMan, the TabView should be usable also for people with JavaScript disabled. So the tabs of the TabView should be normal links to wiki articles, and on the onload event of the page be converted in real tabs. Is what I recommended in the first mail.
So there's two variations, the DanTMan one, which means all content in the page and the JavaScript only hides this content into tabs showing one tab, or the actual, using AJAX but send the tab pages as links in the HTML and making them load with AJAX. Now it only injects some JavaScript code to the page to make the tab pages appear, so if JavaScript is disabled, there's nothing to show. As an other side, the new version of TabView has no security threats now. If the page doesn't exist, the JavaScript code that generates this tab page doesn't get injected to the page so it avoid injections of malicious code, and page titles with "}" or "<" are invalid, so there's no combination of page title characters that would make a page with some escape characters in it would make the TabView vulnerable to JS injection. Good work, Inez! Although it must be thought the first time ;-) 2007/12/8, DanTMan wrote: > > Ok, I just do have a note. > The AJAX use of <tabview> was something I strongly disliked because I > wanted to be able to use tabs on a page where it would be unacceptable to > not have a fallback that allows things to just be displayed flat when > someone has JS disabled. > > For that reason I created some Wiki side JS to use TabView similarly to how > we use NavBox, collapsible, and sortable. > The JS is at: > http://en.anime.wikia.com/wiki/MediaWiki:TabView.js > > The syntax uses divs with the 'tabview' class, and uses the title of the > children divs to act as tabs. So an example would be: > <div class="tabview"> > <div title="Tab 1"> > Tab 1 content. > </div> > <div title="Tab 2"> > Tab 2 content. > </div> > </div> > Because I use the childNodes variable instead of using getElementsByTagName > it is also theoretically possible to put tab systems inside of other tab > systems. > If you're going to use it, I suggest referencing it with a @import instead > of copying the code into your Common.css. The reason for that is I am > currently getting a tab-random (For a random tab to be active on page load), > and will then add a tab-selected class after that is done to let people > select which tab should be the selected one. > If you still wish to copy the code instead of referencing it, I suggest you > use the following revision instead of the current revision because it is the > stable version without any code for the tab-random which does not work yet: > http://en.anime.wikia.com/index.php?title=MediaWiki:TabView.js&oldid=10067 > > All just for those who want a method more inline with whats been done in > the past, instead of an AJAX dependent new method. > ~Daniel Friesen(Dantman) of: > -The Gaiapedia (http://gaia.wikia.com) > -Wikia ACG on Wikia.com (http://wikia.com/wiki/Wikia_ACG) > -and Wiki-Tools.com (http://wiki-tools.com) > Inez Korczyński wrote: > Hi, > > I just deployed a new version of the TabView extension. It's enabled on > all wikis. You can see an example here: > http://toys.wikia.com/wiki/TabViewTest > > Note that the tag that the parser uses has changed from "tabview" to > "tabviewng" - this is a temporary change, only released to get your > feedback. > > Inez > > Jesús Martínez pisze: > > > Thanks, but please consider changing the way of specify the article to > load as I suggested, specifying the page title instead of a URL and, > of course, check that the parameter is a valid wiki article title. > It's more secure that the actual way. > > Nobody has complained about this extension being disabled yet, so > maybe is not a pain for them to wait some days until it gets totally > fixed, even if the syntax changes. This would solve the problem > permanently. Maybe you have a tool to check in which pages it's used, > to consider each option. > > Just my 2 cents. > > > 2007/12/7, Inez Korczyński wrote: > > > Hi, > > Actually please hold on with switching to different solution on pages > which use TabView extension. I'm going to fix JavaScript injection > problems ASAP (today) and then will let you know. > > Inez > > Jesús Martínez pisze: > > > Just FYI to who were using the TabView extension, it has been > disabled, so the markup is now showing on the pages where is used. > > The reason is the JavaScript injection that anyone could produce with > it. The first param was injected without any escape inside a <script> > section of the HTML, so you can imagine what could be done with it: > since showing an alert() to include an entire external JavaScript file > that could thief your cookies or load in a frame the > [[Special:Userlogin]] and send your password remotely (if your browser > stores it). > > > If someday wikia enables an improved version of this extension, PLEASE > do something like the param indicating the page to load is the title > of the article, not a url, and check it with MediaWiki so if it > doesn't exist displays a red link or something. This is the proper way > of doing things. > > What was doing now could be done with some javaScript in Common.js, so > a replacement of this extension could be done without much effort and > without a need of a extension install. > > As an idea: > <http://www.wikia.com/wiki/User:Ciencia_Al_Poder/Embed_Quick_Time_Movies.js> > what means: a <div> with a specific class="" attribute. Inside, a list > of links, preferably of the form [[Link|Text]] so you can make sure > only internal links are parsed and the problem of the TabView > extension gets solved. > > Cheers. > > > 2007/8/17, Inez Korczyński wrote: > > > Hi, > > I just create new extension - TabView. > It allow to create dynamic tabs inside article page. > > Example: http://toys.wikia.com/wiki/TabViewTest > CSS for that example is at the end of: > http://toys.wikia.com/wiki/MediaWiki:Common.css > > About syntax: > > tag parameters: > id - (optional) postfix for root div for tab > title - (optional) title showed above tabs > > inside parameters: > 1st - tab name > 2nd - url to article with content to display (remember about action=render) > 3nd - (optional) cache content - false/true > 4nd - (optional) active tab - false/true > > That extension use YUI library module called TabView: > http://developer.yahoo.com/yui/tabview/ > > Feel free to play with it, I'm waiting for feedback and remember that > extension is in beta version. > > Inez > > _______________________________________________ > Wikia-l mailing list > [email protected] > http://lists.wikia.com/mailman/listinfo/wikia-l > > > _______________________________________________ > Wikia-l mailing list > [email protected] > http://lists.wikia.com/mailman/listinfo/wikia-l > > > _______________________________________________ > Wikia-l mailing list > [email protected] > http://lists.wikia.com/mailman/listinfo/wikia-l > > > _______________________________________________ > Wikia-l mailing list > [email protected] > http://lists.wikia.com/mailman/listinfo/wikia-l > > > _______________________________________________ > Wikia-l mailing list > [email protected] > http://lists.wikia.com/mailman/listinfo/wikia-l > > > > _______________________________________________ > Wikia-l mailing list > [email protected] > http://lists.wikia.com/mailman/listinfo/wikia-l > > _______________________________________________ Wikia-l mailing list [email protected] http://lists.wikia.com/mailman/listinfo/wikia-l
