Thanks for all the comments Bawolff and Daniel!
They have confirmed the suspicion I had: using the 'Widget' extension
is a way to insert something into Mediawiki... but it puts a hole into
the security framework-- especially if you are passing parameters to
the Widget.
Broadly speaking, the Widgets seem to be an avenue to fulfill the
needs of two different constituencies - (1) a constituency that wants
to add things the WikiMedia Foundation (WMF) isn't going to develop
'cause it doesn't fit with their mission, and (2) a constituency to
add things that the WMF hasn't prioritized but could be useful to the
WMF.
OpenSeadragon I think fits with the later... and it begs the question:
How to generate enthusiasm for getting OpenSeadragon securely
integrated into MediaWiki?
At a functional level a deep zoom image (DZI) is an image... if
implemented it might improve on the current paradigm of a small
thumbnail-click for link to WikiCommons-click *again* for full
resolution of image; in OpenSeadragon
(as implemented with the widget) it is zoom with roller, click for
fullscreen with OpenSeadragon.
Once again thanks,
Michael
Quoting "Dr. Michael Bonert" <mich...@librepathology.org>:
[Hide Quoted Text]
Hello,
I was wondering about the security of Widgets (
https://www.mediawiki.org/wiki/Extension:Widgets ) that get parameters
passed to them. Any thoughts?
Are the parameters passed through to the widget cleansed of html/scripts?
If it isn't -- is it possible to easily enforce typing/boundaries on
the parameters?
Generally, speaking, I am looking for a discussion around security & widgets.
A widget I created (below) takes three parameters (width, height,
filename) and feeds those to OpenSeadragon(
https://openseadragon.github.io /
https://en.wikipedia.org/wiki/Seadragon_Software ). It works on a
testing
server.
OpenSeadragon was discussed in brain storming in 2015 -
https://www.mediawiki.org/wiki/Reading/Quarterly_Brainstorming
My interest in this is virtual (microscopic) slides (e.g.
http://openslide.org/demo/ ) which are often
several gigabytes of data each.
Thanks,
Michael
------------------------
Widget code...
Create page: Widget:OpenSeadragon
---------------------------------------------------------------------
<noinclude>__NOTOC__
<!-- Copyright (c) 2016 Michael Bonert -->
<!-- Released under GNU General Public Licence - Version 3; see
http://www.gnu.org/licenses/gpl.html -->
To insert this widget, use the following code:
<nowiki>{{#widget:</nowiki>{{PAGENAME}}<nowiki>
|image=12881.dzi
|width=800
|height=600
}}</nowiki>
</noinclude>
<includeonly><!-- This inserts an OpenSeadragon image -->
<div id="openseadragon1" style="width:
<!--{$width|default:400|escape:'html'}-->px; height:
<!--{$height|default:300|escape:'html'}-->px;"></div>
<script src="../../openseadragon/openseadragon.min.js"></script>
<script type="text/javascript">
var viewer = OpenSeadragon({
id: "openseadragon1",
prefixUrl: "../../openseadragon/images/",
tileSources: "../../vslide/<!--{$image|escape:'urlpathinfo'}-->"
});
</script>
</includeonly>
-------------------------------------------------
Delete | Reply | Reply to All | Forward | Redirect | View Thread |
Blocklist | Acceptlist | Message Source | Resume | Save as | Print
Move | Copy
Back to sent-mail <
>+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Michael Bonert, BASc (Mech Eng), MASc (Biomed Eng), MD, FRCPC
Board Member and Founder
Libre Pathology Limited
Newfoundland and Labrador
Email: mich...@librepathology.org
Mobile: 289 776-8722
Web: http://librepathology.org
Twitter: http://twitter.com/librepathology
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
_______________________________________________
MediaWiki-l mailing list
To unsubscribe, go to:
https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
