### Install and Configure HTMLTags Extension in MediaWiki Source: https://context7.com/wikimedia/mediawiki-extensions-htmltags/llms.txt Standard MediaWiki extension installation using wfLoadExtension() in LocalSettings.php. Configuration involves defining allowed HTML tags and their attributes in the $wgHTMLTagsAttributes array. This is a mandatory step for the extension to function. ```php // In LocalSettings.php // Load the extension wfLoadExtension( 'HTMLTags' ); // Configure allowed tags (required - extension won't work without this) $wgHTMLTagsAttributes = array(); // Example configuration for a documentation wiki $wgHTMLTagsAttributes['a'] = array( 'href', 'class', 'target', 'title' ); $wgHTMLTagsAttributes['span'] = array( 'class', 'style' ); $wgHTMLTagsAttributes['div'] = array( 'class', 'id', 'style' ); $wgHTMLTagsAttributes['code'] = array( 'class' ); $wgHTMLTagsAttributes['pre'] = array( 'class' ); // The extension is now ready to use on wiki pages ``` -------------------------------- ### HTML Tags Extension Error Handling Examples (Wiki Markup) Source: https://context7.com/wikimedia/mediawiki-extensions-htmltags/llms.txt Illustrates common error scenarios such as missing required attributes, using unsupported tags, or attempting to use unauthorized attributes, showing the extension's protective measures. ```wikitext // Error handling example 1: Missing tagname attribute Link // Output: Error message "The attribute 'tagname' must be set for this tag." // Error handling example 2: Unsupported tag alert('xss') // Output: Error message "The tag name 'script' is not supported for ." // Error handling example 3: Unauthorized attribute is silently ignored Safe Link // Output: Safe Link // Note: onclick is ignored because it's not in the whitelist ``` -------------------------------- ### Advanced HTML Tags Configuration (PHP) Source: https://context7.com/wikimedia/mediawiki-extensions-htmltags/llms.txt Provides comprehensive examples of configuring `$wgHTMLTagsAttributes` in LocalSettings.php for various HTML5 elements, media tags, and complex nested structures for richer wiki content. ```php // In LocalSettings.php after wfLoadExtension('HTMLTags') // Example 1: Allow anchor tags with navigation attributes $wgHTMLTagsAttributes['a'] = array( 'href', 'class', 'id', 'title', 'target' ); // Example 2: Allow semantic HTML5 elements $wgHTMLTagsAttributes['article'] = array( 'class', 'id' ); $wgHTMLTagsAttributes['section'] = array( 'class', 'id' ); $wgHTMLTagsAttributes['aside'] = array( 'class', 'id' ); $wgHTMLTagsAttributes['figure'] = array( 'class' ); $wgHTMLTagsAttributes['figcaption'] = array(); // Example 3: Allow formatting elements $wgHTMLTagsAttributes['span'] = array( 'class', 'id', 'style', 'data-toggle' ); $wgHTMLTagsAttributes['div'] = array( 'class', 'id', 'style' ); // Example 4: Allow media elements with specific attributes $wgHTMLTagsAttributes['video'] = array( 'src', 'controls', 'width', 'height', 'poster' ); $wgHTMLTagsAttributes['audio'] = array( 'src', 'controls' ); $wgHTMLTagsAttributes['source'] = array( 'src', 'type' ); // Complex real-world usage: Building a styled info box // Wiki markup: Project Overview The HTML Tags extension enables secure HTML rendering. ``` -------------------------------- ### Render HTML Tags with Attributes (Wiki Markup & PHP) Source: https://context7.com/wikimedia/mediawiki-extensions-htmltags/llms.txt Processes `` wiki markup, validates against the configured whitelist, sanitizes attributes, and returns safe HTML. Demonstrates creating links, semantic containers, and styled elements. ```wikitext // Wiki markup example 1: Creating a custom link Click here for more information // Rendered output: // Click here for more information // Wiki markup example 2: Semantic container with styling This is an important notice with custom styling. // Rendered output: //
This is an important notice with custom styling.
// Wiki markup example 3: Inline styled text Important text ``` -------------------------------- ### Configure Allowed HTML Tags and Attributes (PHP) Source: https://context7.com/wikimedia/mediawiki-extensions-htmltags/llms.txt Defines the global variable `$wgHTMLTagsAttributes` in LocalSettings.php to specify which HTML tags and their corresponding attributes are permitted. This whitelist approach is key to the extension's security. ```php // In LocalSettings.php $wgHTMLTagsAttributes['a'] = array( 'href', 'class', 'title' ); $wgHTMLTagsAttributes['span'] = array( 'class', 'id', 'style' ); $wgHTMLTagsAttributes['div'] = array( 'class', 'id' ); ``` -------------------------------- ### Register HTML Tags Parser Hook (PHP) Source: https://context7.com/wikimedia/mediawiki-extensions-htmltags/llms.txt Registers the `` parser hook with MediaWiki's parser during extension initialization. This hook is essential for the extension to process and render custom HTML tags. ```php // In extension.json "Hooks": { "ParserFirstCallInit": "HTMLTags::register" } // Implementation in includes/HTMLTags.php public static function register( $parser ) { $parser->setHook( 'htmltag', [ __CLASS__, 'render' ] ); } ``` -------------------------------- ### HTMLTags Extension Security Features and Sanitization Source: https://context7.com/wikimedia/mediawiki-extensions-htmltags/llms.txt Details the security features of the HTMLTags extension, focusing on XSS prevention. It outlines the process of parsing wiki variables, escaping HTML special characters using htmlspecialchars(), unescaping ampersands for URLs, and rendering HTML safely via MediaWiki's Html::element(). ```php // From includes/HTMLTags.php:48-61 // Step 1: Parse wiki variables in attribute values $value = $parser->replaceVariables( $value, $frame ); // Step 2: Escape all HTML special characters to prevent XSS $value = htmlspecialchars( $value, ENT_QUOTES ); // Example: href="javascript:alert('xss')" becomes href="javascript:alert('xss')" // Step 3: Undo ampersand escaping for proper URL functionality $value = str_replace( '&', '&', $value ); // Example: href="page?id=1&type=2" becomes href="page?id=1&type=2" // Step 4: Build attributes array with sanitized values $attributes[$key] = $value; // Step 5: Use MediaWiki's safe HTML generation // Html::element() provides additional XSS protection if ( class_exists( 'MediaWiki\Html\Html' ) ) { $htmlClass = 'MediaWiki\Html\Html'; // MW 1.40+ } else { $htmlClass = 'Html'; // Earlier versions } return $htmlClass::element( $tagName, $attributes, $input ); // Real-world security test cases: // Input: Click // Output: Safe rendering with escaped JavaScript // Input: Text // Output: onclick attribute is completely ignored (not in whitelist) // Input: Link // Output: Link (ampersands preserved) ``` === COMPLETE CONTENT === This response contains all available snippets from this library. No additional content exists. Do not make further requests.