diff options
| author | Joey Hess <joey@gnu.kitenet.net> | 2008-12-26 15:27:49 -0500 |
|---|---|---|
| committer | Joey Hess <joey@gnu.kitenet.net> | 2008-12-26 15:27:49 -0500 |
| commit | c2d2ff0199f16e028431cd83961b1bff5e2caa99 (patch) | |
| tree | 7ef7176c62f19dc0fd5e3affaf6ffd1086b4e1f3 /doc/tips/embedding_content.mdwn | |
| parent | dbd95c67bc787e57063f58f7cf0472375d35cd75 (diff) | |
| download | ikiwiki-c2d2ff0199f16e028431cd83961b1bff5e2caa99.tar ikiwiki-c2d2ff0199f16e028431cd83961b1bff5e2caa99.tar.gz | |
deprecate embed plugin too
I see that this plugin's lists of safe content are already well out of
date, and htmlscrubber_skip offers a non whitelist based approach, so let's
deprecate this plugin for 3.0.
Diffstat (limited to 'doc/tips/embedding_content.mdwn')
| -rw-r--r-- | doc/tips/embedding_content.mdwn | 35 |
1 files changed, 35 insertions, 0 deletions
diff --git a/doc/tips/embedding_content.mdwn b/doc/tips/embedding_content.mdwn new file mode 100644 index 000000000..666f4dab3 --- /dev/null +++ b/doc/tips/embedding_content.mdwn @@ -0,0 +1,35 @@ +Content from sites such as YouTube can be embedded into a web page. Maybe +you want to do this. But you'll find that the [[plugins/htmlscrubber]] +doesn't let you. It blocks the tags used to embed such content, because +they can be abused in many evil ways. + +Some plugins have been written to try to work around this problem, by +whitelisting the html needed to embed things from a few sites like Google +calendar, videos, and YouTube. The problem with these plugins is that they +have to be kept up to date to add new sites, and follow changes to the html +such sites use for embedding. + +(Digression: The real problem with the plugins is that they hide the +underlying trust relationship. If you decide to embed html from a site, +you'd better trust that site. And if ikiwiki lets you enter such html, it +needs to trust you.) + +The [[plugins/htmlscrubber]] offers a different way around this problem. +You can configure it to skip scrubbing certian pages, so that content from +elsewhere can be embedded on those pages. Then use [[plugins/lockedit]] +to limit who can edit those unscrubbed pages. + +For example, suppose your blog is all under `blog/*`, and you want +only yourself to be able to post there, and you'd like to be able to embed +youtube videos etc in your blog. Other users can edit some pages in the +wiki (Discussion pages, say), but not your blog posts. Then you could configure +ikiwiki as follows: + + htmlscrubber_skip => 'blog/* and !*/Discussion', + locked_pages => '!*/Discussion', + +More simply, you might want to allow yourself to embed content anywhere +on the wiki, but scrub content written on Discussion pages: + + htmlscrubber_skip => '!*/Discussion', + locked_pages => '!*/Discussion', |