Difference between revisions of "User talk:John"

From eagle-rock.org

Revision as of 09:14, 7 January 2012

Please use this page to inform me of major edits you wish to perform. Just add the link to the page that you're working on and write down the details of the edit in the Discussion that belongs to the page. Don't forget to add your signature.


Edits to discuss

  • Adding embed function for videos.

John: I've found an extension that allows for video embed on Wiki pages. Before I install it I'd like you to look at the information page for EmbedVideoPlus http://www.mediawiki.org/wiki/EmbedVideoPlus.

Note that there is a warning at the top regarding security risks of using the extension. There is a solution proposed but I'd like your opinion before going forward with this.

Solution: strictly validate user input and/or apply escaping to all characters that have a special meaning in HTML http://www.mediawiki.org/wiki/Cross-site_scripting#Stopping_Cross-site_scripting

--Charles 23:08, 6 January 2012 (PST)

--John Eagles 00:30, 7 January 2012 (PST)

Charles: This looks worth trying out. If I am correct, by controlling who the users are, the security risks are minimized? I don't understand what this means: "apply escaping to all characters that have a special meaning in HTML"

--Charles 01:14, 7 January 2012 (PST)

John: I will return to this tomorrow as it's 1:00am and I'm beat. I also don't know what "apply escaping" means, but the text gave instructions, so I will study it carefully.

I don't know if controlling the users reduces this risk or how the exploits could work but if the solution proposed works, it shouldn't be a problem either way.

I'm curious to know if there's a way you are notified when I edit this page? If there is, I'm sure I'll eventually find it but for now, if you can tell me how it's done, that will speed up the process for me. Thanks.
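
An added illustration of the quoted advice ("strictly validate user input and/or apply escaping to all characters that have a special meaning in HTML"), not part of the discussion above and not EmbedVideoPlus code. The service name, URL template and function names are hypothetical; it shows a video-embed helper that pastes user input straight into HTML next to one that validates and escapes it.

```php
<?php
// Added example. Service name, URL template and function names are hypothetical.

// Validation: only allowlisted services, each with a fixed URL and ID pattern.
const SERVICES = [
    'examplevideo' => [
        'url' => 'https://video.example/embed/%s',
        'id'  => '/^[A-Za-z0-9_-]{6,20}\z/',  // \z: no trailing newline allowed
    ],
];

// Escaping: turn the characters HTML treats specially (& < > " ') into
// entities, so the browser shows them as text instead of parsing them.
function esc(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Unsafe "before": user input is concatenated into markup unchanged.
function embedUnsafe(string $id, string $width): string {
    return '<iframe src="https://video.example/embed/' . $id
         . '" width="' . $width . '"></iframe>';
}

// Hardened: validate first, then escape every value written into the HTML.
function embedSafe(string $service, string $id, string $width): string {
    if (!array_key_exists($service, SERVICES)) {
        return '<strong class="error">' . esc("Unknown video service: $service") . '</strong>';
    }
    $svc = SERVICES[$service];
    if (preg_match($svc['id'], $id) !== 1) {
        return '<strong class="error">' . esc("Invalid video id: $id") . '</strong>';
    }
    // Width must be a plain number in a sane range; otherwise use a default.
    $ok = ctype_digit($width) && (int)$width >= 100 && (int)$width <= 1920;
    $w  = $ok ? (int)$width : 425;
    $src = sprintf($svc['url'], rawurlencode($id));
    return '<iframe src="' . esc($src) . '" width="' . $w . '"></iframe>';
}

// Constructed sample input: a width value that closes the attribute early.
$badWidth = '425" onload="alert(1)';
echo embedUnsafe('abc123XYZ', $badWidth), "\n";                // extra attribute lands in the tag
echo embedSafe('examplevideo', 'abc123XYZ', $badWidth), "\n";  // rejected, default width used
echo embedSafe('examplevideo', '"><script>', '425'), "\n";     // shown as escaped text only
```

Validation applies to every user, so the protection does not rest on trusting whoever is allowed to edit.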