How to enhance wiki content with JavaScript: Difference between revisions

Content deleted Content added

Inline

Revision as of 14:38, 11 September 2022

This is a guide for how, as contributors to a wiki, you can develop JavaScript to make a wiki page interactive.

Dynamic content

Wikitext is a powerful markup language, which allows end-users of the MediaWiki platform to build dynamic portals, forms, and interactive experiences directly into content pages without involvement from server administrators. Examples of primitivites that enable dynamic server-rendered content are: templates, magic words, parser functions, and Lua modules.

While the above capabilities make nearly everything possible that raw HTML, server-side PHP, or client-side JavaScript could do; we don't allow any of those directly on wiki pages as that would pose significant security risks and hamper long-term support and compatibility. Well-written content is expected to work indefinitely, whereas native extensions must follow release cycles of MediaWiki (Stable interface policy) or upstream PHP/Linux, etc.

As a security precaution to prevent attacks against the wiki, most HTML elements cannot be constructed via wikitext. Static content is generally supported both in wikitext syntax and through HTML-like syntax. Images and hyperlinks are possible via dedicated syntax that naturally disallows unsafe content.

This means that you cannot load Google AdSense banners, Facebook buttons, Disqus widgets, or embed any other scripts into wiki content. You should also never take input from wikitext or URL parameters such that arbitrary HTML or JavaScript can be formed or loaded as that would result in the same security vulnerabilities, which could e.g. result in security and privacy leaks (PII, reading habits, passwords, etc.).

Personal scripts

Individual editors can write customisations for themselves via Personal scripts under their user account. These can also be shared peer-to-peer with other users.

Default site scripts

Elected content administrators and on-wiki interface admins can develop JavaScript via site scripts such as Common.js or a Gadget. Both of these reside in the "MediaWiki" namespacec that is restricted to administrators.

Adding the HTML and JavaScript

Creating the script

jQuery is is bundled with MediaWiki core. You can write your script like this:

$(function () {
	var myPlace = document.getElementById('tpl-example-placeholder');
	myPlace.innerHTML = 'any HTML';
}());

$(function () {
	$('#mw-mywiki-example').html('any HTML');
}());

Separate script

If your script gets too long or you want to keep snippets from a third-party library separate, you can create a new file in the MediaWiki namespace (ending in .js), e.g. MediaWiki:Example.js. And then instruct MediaWiki to import that script. To do this, add an import script instruction to MediaWiki:Common.js:

importScript('MediaWiki:Example.js');

Enable on a wiki page

To display the widget on a wiki page, it is recommended to create a template in order to make it easy to re-use. For example, it could be called Template:Example.

Add the following code to the template. Make sure the ID matches the identifier you specified in your script earlier.

<div id="tpl-example-placeholder">...</div>

You can use any tags or attributes to style the template and the content being added. Just make sure that you keep the identifier the same.

Enable it on a page by including the template on any wiki page(s) you want the script to apply:

{{Example}}

@@ Line 1: / Line 1: @@
+{{Hatnote|This is a draft mostly written in 2013. For current documentation on developing gadgets, refer to [[Manual:Interface/JavaScript]], [[Extension:Gadgets]], and [[Gadget kitchen]]. For current docs on how to use ResourceLoader, refer to [[ResourceLoader/Developing with ResourceLoader]].}}{{Warn|For '''performance''' reasons (both server-side and client-side performance concerns apply), widely used capabilities should generally be developed as MediaWiki extensions. Gadgets offer an effective means of prototyping and may in some cases satisfy needs indefinitely.}}
-By using JavaScript files in the MediaWiki namespace and allowed HTML in the Template namespace, it is possible to add any HTML and JavaScript to wiki pages securely.
+This is a guide for how, as contributors to a wiki, you can develop JavaScript to make a wiki page interactive.
-As a security precaution to prevent attacks against the wiki, many HTML tags and all JavaScript is disabled in regular wikitext.  This means that you cannot copy Google AdSense banners, Disqus comment boxes, Facebook like buttons, or any other embeddable objects into the source code of a page.  You should also '''never''' allow any HTML or JavaScript to be useable in page source code because of the severe security vulnerabilities, which include allowing an attacker to gather every password used by all wiki users.
+== Dynamic content ==
-== Adding the HTML and JavaScript ==
+Wikitext is a powerful markup language, which allows end-users of the MediaWiki platform to build dynamic portals, forms, and interactive experiences directly into content pages without involvement from server administrators. Examples of primitivites that enable dynamic server-rendered content are: [[Help:Templates|templates]], [[Help:Magic words#Parser functions|magic words]], [[Help:Extension:ParserFunctions|parser functions]], and [[Extension:Scribunto/Lua reference manual|Lua modules]].
+While the above capabilities make nearly everything possible that raw HTML, server-side PHP, or client-side JavaScript could do; we don't allow any of those directly on wiki pages as that would pose significant security risks and hamper long-term support and compatibility. Well-written content is expected to work indefinitely, whereas native extensions must follow release cycles of MediaWiki ([[Stable interface policy]]) or upstream PHP/Linux, etc.
-=== Creating the script ===
+As a security precaution to prevent attacks against the wiki, most HTML elements cannot be constructed via wikitext. Static content is generally supported both in wikitext syntax and through HTML-like syntax. Images and hyperlinks are possible via dedicated syntax that naturally disallows unsafe content.
-JavaScript programs can be written on the MediaWiki:Common.js page on your wiki. You will need to write JavaScript even if you are only using HTML because JavaScript is what will add the HTML elements to the page.
+This means that you cannot load Google AdSense banners, Facebook buttons, Disqus widgets, or embed any other scripts into wiki content.  You should also never take input from wikitext or URL parameters such that arbitrary HTML or JavaScript can be formed or loaded as that would result in the same security vulnerabilities, which could e.g. result in security and privacy leaks (PII, reading habits, passwords, etc.).
-In case of HTML content, the script will contain the HTML you want to add and identify where to put it.
+== Personal scripts ==
-Use the following example to write your script.
+Individual editors can write customisations for themselves via [[Manual:Interface/JavaScript#Personal%20scripts|Personal scripts]] under their user account. These can also be shared peer-to-peer with other users.
+== Default site scripts ==
-<syntaxhighlight lang="javascript">
+Elected content administrators and on-wiki interface admins can develop JavaScript via [[Manual:Interface/JavaScript#Global%20scripts|site scripts]] such as Common.js or a [[Extension:Gadgets|Gadget]]. Both of these reside in the "MediaWiki" namespacec that is restricted to administrators.
+== Adding the HTML and JavaScript ==
+=== Creating the script ===
+[[jQuery]] is is bundled with MediaWiki core. You can write your script like this:<syntaxhighlight lang="javascript">
 $(function () {
-	var myElement = document.getElementById('mw-mywiki-example');
+	var myPlace = document.getElementById('tpl-example-placeholder');
-	myElement.innerHTML = 'any HTML';
+	myPlace.innerHTML = 'any HTML';
 }());
 </syntaxhighlight>
-[[jQuery]] is also shipped with MediaWiki core. You can write your script like this:
 <syntaxhighlight lang="javascript">
@@ Line 28: / Line 34: @@
 </syntaxhighlight>
+=== Separate script ===
-When copying the script, change <code>mw-mywiki-example</code> to the identifier you will use inside your wiki page.  For example, ''mw-unicornwiki-ads''.
-To add the HTML or JavaScript, change <code>any HTML</code> to whatever HTML code that you want.  Be careful about double and single quotes and use JavaScript escape characters where necessary.
-==== Separate script ====
 If your script gets too long or you want to keep snippets from a third-party library separate, you can create a new file in the MediaWiki namespace (ending in <code>.js</code>), e.g. <code>MediaWiki:Example.js</code>. And then instruct MediaWiki to import that script. To do this, add an import script instruction to MediaWiki:Common.js:
 <syntaxhighlight lang="javascript">
-mw.loader.load( '/w/index.php?title=MediaWiki:Example.js&action=raw&ctype=text/javascript' );
+importScript('MediaWiki:Example.js');
 </syntaxhighlight>
 === Enable on a wiki page ===
-To begin adding the new object to wiki pages, create a template.  For example, it could be called ''Template:Advertisement''.
+To display the widget on a wiki page, it is recommended to create a template in order to make it easy to re-use.  For example, it could be called ''Template:Example''.
 Add the following code to the template.  Make sure the ID matches the identifier you specified in your script earlier.
 <syntaxhighlight lang="html">
-<div id="mw-mywiki-example"></div>
+<div id="tpl-example-placeholder">...</div>
 </syntaxhighlight>
@@ Line 55: / Line 56: @@
 <pre>
-{{Advertisement}}
+{{Example}}
 </pre>
-==See also ==
-* [[Manual:Interface/JavaScript]]
 [[Category:JavaScript]]