Widget:Iframe View history

No edit summary
m (Reverted edits by NetHunter (talk) to last revision by Kentsmith9)
Line 5: Line 5:


== Using this widget ==
== Using this widget ==
For information on how to use this widget, see [http://www.mediawikiwidgets.org/Iframe widget description page on MediaWikiWidgets.org].


<big>'''<font color="red">This widget shouldn't be used on a publicly-editable wiki.</font>'''</big>
To insert this widget, use the following code:
 
<nowiki>{{#widget:</nowiki>{{PAGENAME}}<nowiki>
|url=http://docs.google.com/present/embed?id=dcn37mcz_22cmnwnwf8
|width=410
|height=342
|border=0
}}</nowiki>
 
== Parameters ==
* '''url''' - URL of page being inserted
* '''width''' - width of the iframe (default is 400)
* '''height''' - height of the iframe (default is 300)
* '''border''' - border width (default is 1)
 
== !!! Security Warning !!! ==
Including the page will not let that page steal the data on your site, hack into your user accounts and so on because it is protected by an iframe, but contents of the page will be displayed as part of the page on your site which can cause non-technical '''security problems through [[wikipedia:Social engineering (security)|social engineering]]'''.


While the url is validated to be a valid url, there is no way the widget can check the contents of the page that is included. When enabling this widget, you allow any user that can edit to include any page, including malicious pages (containing trojans, backdoors, viruses etc), pages that brake out of the iframe and pages that look like your site, but actually is a copy used for phishing.
While the url is validated to be a valid url, there is no way the widget can check the contents of the page that is included. When enabling this widget, you allow any user that can edit to include any page, including malicious pages (containing trojans, backdoors, viruses etc), pages that brake out of the iframe and pages that look like your site, but actually is a copy used for phishing.


== Copy to your site ==
== Sample result ==
To use this widget on your site, just install [http://www.mediawiki.org/wiki/Extension:Widgets MediaWiki Widgets extension] and copy [{{fullurl:{{FULLPAGENAME}}|action=edit}} full source code] of this page to your wiki as '''{{FULLPAGENAME}}''' article.
{{#widget:{{PAGENAME}}
|url=http://docs.google.com/present/embed?id=dcn37mcz_22cmnwnwf8
|width=410
|height=342
|border=0
}}
 
 
</noinclude><includeonly><iframe src="<!--{$url|validate:url}-->" frameborder="<!--{$border|validate:int|default:0}-->" width="<!--{$width|escape:html|default:400}-->" height="<!--{$height|escape:html|default:300}-->"></iframe></includeonly>
</noinclude><includeonly><iframe src="<!--{$url|validate:url}-->" frameborder="<!--{$border|validate:int|default:0}-->" width="<!--{$width|escape:html|default:400}-->" height="<!--{$height|escape:html|default:300}-->"></iframe></includeonly>

Revision as of 16:22, 4 December 2014

This widget allows you to embed any web page on your wiki page using an iframe tag.

Created by Sergey Chernyshev

Using this widget

To insert this widget, use the following code:

{{#widget:Iframe
|url=http://docs.google.com/present/embed?id=dcn37mcz_22cmnwnwf8
|width=410
|height=342
|border=0
}}

Parameters

  • url - URL of page being inserted
  • width - width of the iframe (default is 400)
  • height - height of the iframe (default is 300)
  • border - border width (default is 1)

!!! Security Warning !!!

Including the page will not let that page steal the data on your site, hack into your user accounts and so on because it is protected by an iframe, but contents of the page will be displayed as part of the page on your site which can cause non-technical security problems through social engineering.

While the url is validated to be a valid url, there is no way the widget can check the contents of the page that is included. When enabling this widget, you allow any user that can edit to include any page, including malicious pages (containing trojans, backdoors, viruses etc), pages that brake out of the iframe and pages that look like your site, but actually is a copy used for phishing.

Sample result