Apple Computer Hardware manual Attributes

Page 30

Allowing Specific Protocols,

2

CSS Styles, and HTML Tags

and Attributes

This chapter describes how to enable specific protocols, CSS styles, and HTML tags and attributes.

The default wiki server setup simplifies administration by automatically removing potentially harmful protocols, CSS styles, and HTML tags and attributes. The wiki server is capable of allowing all protocols, CSS styles, and HTML tags and attributes.

The wiki server uses two whitelist files (a built-in whitelist and a custom whitelist) to determine allowed protocols, CSS styles, and HTML tags and attributes. Elements that appear in either of these whitelists are allowed, and all other elements are disallowed.

The built-in whitelist includes common, usually harmless, elements. It doesn’t include potentially harmful tags like embed, param, object, and script. To embed Flash or YouTube in your site, you’ll need to include some of these tags. If you create a custom whitelist, you can allow these elements, along with new styles (such as font-size) and protocols (such as irc and scp).

These whitelists affect all wikis on the server.

WARNING: Some protocols, HTML tags and attributes can compromise your server’s security and integrity, or harm users who connect to your server. Make sure you understand the implications of whatever you enable. For example, allowing JavaScript introduces security vulnerabilities such as cross-site scripting. For information about cross-site scripting, see http://en.wikipedia.org/wiki/Cross-site_scripting.

30

Page 29 Page 31
Image 30
Page 29 Page 31
Contents Mac OS X Server 019-1252/2008-04-24 Contents Managing Wiki Content Getting Additional Information PrefacePreface About This Guide This chapter describes how to customize a wiki’s appearance Theme File Structure OverviewCustomizing How the Wiki Looks Variant Theme File Structure Overview Wireframe Theme File Structure Overview File or Folder Name PurposeBorders, and positioning for comment entry Terminal, enter the following commands Creating a ThemeEditing CSS Files WebsiteEditing Property List Files About Property List EditorAbout Strings About Property List FilesAbout Property List Keys and Values About DictionariesHere is an example of an array with a single string About ErrorsHere is the sidebars array in a plain text editor Here is an example of an array with multiple stringsChanging General Theme Settings Key Default Value Possible ValuesDescription Shared Keys Creating SidebarsUnderstanding the Types of Sidebars All sidebars require the following keysStatic Unique Keys Each dictionary entry has the following keysKey Example Value Possible Values Optional or Required Search Unique Keys Calendar Unique Keys Recent Activity Unique Keys Overview of the Example SidebarsTag Unique Keys Sidebar Name DescriptionUsing the Example Sidebars Terminal, enter the following commandTo comment out specific sidebars To this Adding JavaScript and XSL Files To add JavaScript files or XSL files to a themePut JavaScript .js files or XSL .xsl files in this folder About JavaScript Here are some published JavaScript guidesTopic About XSL JavaScript ExampleCreate a plain text file with the following content Viewing Dynamic XMLTo view context $ sudo serveradmin stop teams sudo serveradmin start teams Attributes Creating a Custom Whitelist About the Custom Whitelist’s Structure Allowing Specific URL ProtocolsAllowing Specific CSS Styles Allowing Specific Html Tags and Attributes To allow specific Html tags and attributesTag Attributes Built-in whitelist allows these protocols About the Built-in WhitelistProtocols Allowed in the Built-in Whitelist ProtocolBuilt-in whitelist allows these CSS styles CSS Styles Allowed in the Built-in WhitelistHtml Tags and Attributes Allowed in the Built-in Whitelist Built-in whitelist allows these Html tags and attributesNode Pre Cite Span Strong Tbody Tfoot Colspan, rowspan Thead Migrating Wiki Content From Other Websites Backing Up the Wiki ServerManaging Wiki Content Wiki File Structure Overview Manually Editing Raw Content File or Folder Name PurposeViewing a Wiki’s Administration Settings To regenerate the index after editing raw wiki contentFor more information about AtomPub, see Metadata.plist file includes the following keys Key Example Value DescriptionTo manually edit wiki administration settings Viewing a Page’s Metainformation PageuidManaging Attachments
Top Page Image Contents