On 05/19/2014 04:54 PM, Gabriel Wicke wrote:
> The move to HTML-based (self-contained) transclusion expansions will avoid
> this issue completely. That's a few months out though. Maybe we can find a
> stop-gap solution that moves in that direction, without introducing special
> tags in expandtemplates that we'll have to support for a long time.

Here's a proposal:

* Introduce a <domparse> extension tag that causes its content to be parsed
  all the way to a self-contained DOM structure. Example:

    <domparse>{{T}}</domparse>

* Emit this tag for HTML page transclusions. Avoids the security issue as
  there's no way to inject verbatim HTML. Works with Parsoid out of the box.

* Use <domparse> to support parsing unbalanced templates by inserting it
  into wikitext:

    <domparse>
    {{table-start}}
    {{table-row}}
    {{table-end}}
    </domparse>

* Build a solid HTML-only expansion API end point, and start using that for
  all transclusions that are not wrapped in <domparse>

* Stop wrapping non-wikitext transclusions into <domparse> in
  action=expandtemplates once those can be directly expanded to a
  self-contained DOM.

Gabriel

_______________________________________________
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
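
An added illustration, not part of the original message and not MediaWiki or Parsoid code: why the unbalanced templates in the third bullet have to be wrapped as a group before they can be parsed to a self-contained DOM. The template expansions are constructed samples, and "self-contained" is approximated here as strict tag balance, which is an assumption of this sketch.

```python
from html.parser import HTMLParser

# HTML void elements never take an end tag, so they are not pushed on the stack.
VOID = {"area", "base", "br", "col", "embed", "hr", "img", "input",
        "link", "meta", "source", "track", "wbr"}


class BalanceChecker(HTMLParser):
    """Tracks open elements; records end tags with no matching open tag."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.open_tags = []   # elements opened and not yet closed
        self.stray_end = []   # end tags whose start tag is outside the fragment

    def handle_starttag(self, tag, attrs):
        if tag not in VOID:
            self.open_tags.append(tag)

    def handle_endtag(self, tag):
        if self.open_tags and self.open_tags[-1] == tag:
            self.open_tags.pop()
        elif tag not in VOID:
            self.stray_end.append(tag)


def is_self_contained(fragment):
    """True if every element opened in the fragment is closed inside it, in order."""
    checker = BalanceChecker()
    checker.feed(fragment)
    checker.close()
    return not checker.open_tags and not checker.stray_end


# Constructed sample expansions (hypothetical output of the templates named in the post).
EXPANSIONS = {
    "table-start": '<table class="wikitable"><tbody>',
    "table-row": "<tr><td>cell</td></tr>",
    "table-end": "</tbody></table>",
}


def report():
    """Balance of each template alone, then of the group a <domparse> wrapper would cover."""
    result = {name: is_self_contained(html) for name, html in EXPANSIONS.items()}
    result["group"] = is_self_contained("".join(EXPANSIONS.values()))
    return result
```

With these samples, table-start and table-end fail the check on their own, while the concatenation of all three passes.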