Attributes | Apple Computer Hardware manual

Allowing Specific Protocols,	2
CSS Styles, and HTML Tags

and Attributes

This chapter describes how to enable specific protocols, CSS styles, and HTML tags and attributes.

The default wiki server setup simplifies administration by automatically removing potentially harmful protocols, CSS styles, and HTML tags and attributes. The wiki server is capable of allowing all protocols, CSS styles, and HTML tags and attributes.

The wiki server uses two whitelist files (a built-in whitelist and a custom whitelist) to determine allowed protocols, CSS styles, and HTML tags and attributes. Elements that appear in either of these whitelists are allowed, and all other elements are disallowed.

The built-in whitelist includes common, usually harmless, elements. It doesn’t include potentially harmful tags like embed, param, object, and script. To embed Flash or YouTube in your site, you’ll need to include some of these tags. If you create a custom whitelist, you can allow these elements, along with new styles (such as font-size) and protocols (such as irc and scp).

These whitelists affect all wikis on the server.

WARNING: Some protocols, HTML tags and attributes can compromise your server’s security and integrity, or harm users who connect to your server. Make sure you understand the implications of whatever you enable. For example, allowing JavaScript introduces security vulnerabilities such as cross-site scripting. For information about cross-site scripting, see http://en.wikipedia.org/wiki/Cross-site_scripting.

30

Image 30

Apple Computer Hardware manual Attributes

Contents

Mac OS X Server 019-1252/2008-04-24 Contents Managing Wiki Content Getting Additional Information Preface Preface About This Guide This chapter describes how to customize a wiki’s appearance Theme File Structure Overview Customizing How the Wiki Looks Variant Theme File Structure Overview Wireframe Theme File Structure Overview File or Folder Name Purpose Borders, and positioning for comment entry Terminal, enter the following commands Creating a Theme Editing CSS Files Website Editing Property List Files About Property List Editor About Strings About Property List FilesAbout Property List Keys and Values About Dictionaries Here is an example of an array with a single string About ErrorsHere is the sidebars array in a plain text editor Here is an example of an array with multiple strings Changing General Theme Settings Key Default Value Possible ValuesDescription Shared Keys Creating SidebarsUnderstanding the Types of Sidebars All sidebars require the following keys Static Unique Keys Each dictionary entry has the following keysKey Example Value Possible Values Optional or Required Search Unique Keys Calendar Unique Keys Recent Activity Unique Keys Overview of the Example SidebarsTag Unique Keys Sidebar Name Description Using the Example Sidebars Terminal, enter the following commandTo comment out specific sidebars To this Adding JavaScript and XSL Files To add JavaScript files or XSL files to a themePut JavaScript .js files or XSL .xsl files in this folder About JavaScript Here are some published JavaScript guidesTopic About XSL JavaScript Example Create a plain text file with the following content Viewing Dynamic XMLTo view context $ sudo serveradmin stop teams sudo serveradmin start teams Attributes Creating a Custom Whitelist About the Custom Whitelist’s Structure Allowing Specific URL ProtocolsAllowing Specific CSS Styles Allowing Specific Html Tags and Attributes To allow specific Html tags and attributesTag Attributes Built-in whitelist allows these protocols About the Built-in WhitelistProtocols Allowed in the Built-in Whitelist Protocol Built-in whitelist allows these CSS styles CSS Styles Allowed in the Built-in WhitelistHtml Tags and Attributes Allowed in the Built-in Whitelist Built-in whitelist allows these Html tags and attributes Node Pre Cite Span Strong Tbody Tfoot Colspan, rowspan Thead Migrating Wiki Content From Other Websites Backing Up the Wiki Server Managing Wiki Content Wiki File Structure Overview Manually Editing Raw Content File or Folder Name Purpose Viewing a Wiki’s Administration Settings To regenerate the index after editing raw wiki contentFor more information about AtomPub, see Metadata.plist file includes the following keys Key Example Value Description To manually edit wiki administration settings Viewing a Page’s Metainformation Pageuid Managing Attachments