[html4all] HTML tags on the wiki
rob at robburns.com
Mon Aug 27 10:44:35 PDT 2007
I'm getting a little closer to figuring out the wiki issues. I think
I've uncovered how to add file uploads to the wiki. This will mean we
can use the built-in wiki markup for adding images. Such wiki markup
has alt= added to all images. Unfortunately it repeats the alt= on
the img in the title attribute of the img element's parent anchor
element. When adding the keyword 'caption' to the markup, the text is
then repeated a third time in the images caption (along with img at alt
and a at title).
One option is to allow all HTML wrapped in <html> tags. This is
discouraged as a security risk when using a completely open wiki.
We could easily restrict access somewhat and it would probably be
safe to enable this feature.
the other thing I was looking for was an HTML tag whitelist. It turns
out that the white list is written in PHP and it has to be changed
before compiling the MediaWiki software. This is something I think
perhaps DanC should do in setting up a new wiki for W3C. However, its
not something I feel I could accomplish, but I might look into it.
Basically it would involve making changes to teh whit list and then
compiling our own HTML4All WikiMedia version.
There is a bug report to MediaWiki to add some of the obvious missing
tags (abbr, defn, q, etc). Obviously there's no danger in
allowing these tags and they can also improve accessibility for the
wiki. However, the presumption seems to be that adding <img> and
<object> would be dangerous. I'm not sure if that's the case. They
may be, but I'd rather hear the arguments than simply assuming they
are. Perhaps enabling <object> without <param> would make it usable,
but remove some of the bigger chances for a security hole. Some of
the <object> attributes might also open some danger like: codebase,
codetype, and clasid. Again, I'm not saying these are security holes,
but they could be. Any security holes would have to be exploits of
software users already had installed on their system.
Finally, I think perhaps the MediaWiki software approach to this
might be to instead add new syntax for images to differentiate
between alt=, title= and captions. Something like:
[Image:srcURI | caption:caption-text | title:title-text | some-alt-
This way the wikimedia software would convert that syntax into either
an img or object element depending on the configuration. Perhaps
filing a new bug on that would be helpful.
I was also thinking of writing to DanC on this to alert him to the
fact that W3C may want to compile its own version of MediaWiki to add
support for more semantics and accessibility.
I'd like to hear from the group on what approach I should take.
Obviously if I or anyone else can handle a recompile and installation
of our own MediaWiki software that would be great. However, if we
can't do that, should we require login to the site and turn on all
: Enable all HTML in <html></html> wrapper:
: MediaWiki bug report on adding some additional HTML tags:
: Diff of proposed HTML tag white list:
More information about the List_HTML4all.org