Widget:Iframe: Difference between revisions

From Nottinghack Wiki
Jump to navigation Jump to search
test
 
mNo edit summary
Line 11: Line 11:
While the URL is validated to be a valid URL, there is no way the widget can check the contents of the page that is included. When enabling this widget, you allow any user that can edit to include any page, including malicious pages (containing trojans, backdoors, viruses etc), pages that brake out of the iframe and pages that look like your site, but actually is a copy used for phishing.
While the URL is validated to be a valid URL, there is no way the widget can check the contents of the page that is included. When enabling this widget, you allow any user that can edit to include any page, including malicious pages (containing trojans, backdoors, viruses etc), pages that brake out of the iframe and pages that look like your site, but actually is a copy used for phishing.


== Copy to your site ==
To use this widget on your site, just install [https://www.mediawiki.org/wiki/Extension:Widgets MediaWiki Widgets extension] and copy the [{{fullurl:{{FULLPAGENAME}}|action=edit}} full source code] of this page to your wiki as page '''{{FULLPAGENAME}}'''.
</noinclude><includeonly><iframe src="<!--{$url|validate:url}-->" style="border: <!--{$border|escape:html|default:0}-->" width="<!--{$width|escape:html|default:400}-->" height="<!--{$height|escape:html|default:300}-->"></iframe></includeonly>
</noinclude><includeonly><iframe src="<!--{$url|validate:url}-->" style="border: <!--{$border|escape:html|default:0}-->" width="<!--{$width|escape:html|default:400}-->" height="<!--{$height|escape:html|default:300}-->"></iframe></includeonly>

Revision as of 01:16, 27 April 2019

This widget allows you to embed any web page on your wiki page using an iframe tag.

Created by Sergey Chernyshev

Using this widget

For information on how to use this widget, see widget description page on MediaWikiWidgets.org.

This widget shouldn't be used on a publicly-editable wiki.

While the URL is validated to be a valid URL, there is no way the widget can check the contents of the page that is included. When enabling this widget, you allow any user that can edit to include any page, including malicious pages (containing trojans, backdoors, viruses etc), pages that brake out of the iframe and pages that look like your site, but actually is a copy used for phishing.