as it turned out when fixing a bug:
http://community.wikidot.com/bugs:iframe
people where using it (the bug!) to view HTML pages uploaded by they in
iframes. This was explained here:
http://snippets.wikidot.com/code:java-applets
I've found a simple solution to that. Say you have uploaded a file:
http://snippets.wikidot.com/local--files/code:java-applets/ChaosGame.html
What about having this server as text/plain (HTML source is rendering)
with the original address, and with the special URL:
http://static.snippets.wikidot.com/local--files/code:java-applets/ChaosGame.html
being server as text/html. This would solve the problem, because no
malicious JavaScript code would be run if having different domain name
(static.snippets.wikidot.com vs snippets.wikidot.com)
and users would get their iframes working (if they change the URL to
load into the iframe)
What do you think about this?
--
Piotr Gabryjeluk
Wikidot.com developer
this wouldn't work for now, because it's just an idea of how to solving
this. But this should work well, and this does not require so much work
from us.
I have an intresting question about this theme ( html iframed ) with PHP
scripts
http://community.wikidot.com/forum/t-52364/fixed-cannot-embed-local-html-fil
e
Please have a look and try to explain why this is working now under
Firefix...
( I do not understand why)
Regards
Helmut
-----Ursprüngliche Nachricht-----
Von: wik...@googlegroups.com [mailto:wik...@googlegroups.com] Im Auftrag
von Helmuti_pdorf
Gesendet: Samstag, 03. Mai 2008 10:39
An: temporary wikidot dev-list
Betreff: Re: Hosting HTML files the right way
I would be uploaded once (as you normally do), but it will be served on
two addresses:
1. the old one:
http://your-wiki.wikidot.com/local--files/page/file.html
2. the new one:
http://static.your-wiki.wikidot.com/local--files/page/file.html
with the difference of how it is served by our servers. The first HTML
file will be server as text/plain (and therefore your browser will
display the source of it).
The second file will be be server as text/html (and the browser will
normally render HTML).
So if you want to embed a HTML into an iframe you need to upload a file
as normally and then create a page with an iframe with "static" added
to the normally used address for the uploaded files.
Hope this clarifies the idea.
Dnia 2008-05-03, o godz. 01:39:04
Helmuti_pdorf <helmut.e...@kabsi.at> napisał(a):
this works fine (on any browser) because the files are not on the
Wikidot servers. It is safe too iframe, embed or link ANY file from
outside of Wikidot, so we don't restrict that.
Regards,
Piotr
Dnia 2008-05-03, o godz. 10:50:11
"Helmut Eichberger" <helmut.e...@kabsi.at> napisał(a):
as we have seen many users relying on our security bug (which was
ability to upload a HTML file with the extension .html renamed to
something else), we've decided to provide such a functionality the
right way.
If you want to have this possibility you need to slightly change the
way you invoke the [iframe] tag.
Say, you have an iframe with the URL
http://some-wiki.wikidot.com/local--files/some-page/some-file.html
You just need to change the domain name part and let it render:
http://some-wiki.wdupload.wikidotsyndication.com/local--files/some-page/some-file.html
This file is safe for us to serve as text/html, and we do it.
Actually now ALL the files you want to be served as html NEED to have
the .html suffix.
The feature is still beta, but should be quite stable. We will also
manage to create some automagical redirects from the
previous-style-links to the new ones if a file has .html suffix,
so
http://some-wiki.wikidot.com/local--files/some-page/some-file.html
redirects automaticaly to
http://some-wiki.wdupload.wikidotsyndication.com/local--files/some-page/some-file.html
THIS ONE IS NOT YET DONE!
Regards