Hosting HTML files the right way


Piotr Gabryjeluk

May 2, 2008, 5:00:32 PM
to wik...@googlegroups.com
Hello,

as it turned out when fixing a bug:

http://community.wikidot.com/bugs:iframe

people were using it (the bug!) to view HTML pages uploaded by them in
iframes. This was explained here:

http://snippets.wikidot.com/code:java-applets

I've found a simple solution to that. Say you have uploaded a file:

http://snippets.wikidot.com/local--files/code:java-applets/ChaosGame.html

What about having this served as text/plain (HTML source is rendered)
with the original address, and with the special URL:

http://static.snippets.wikidot.com/local--files/code:java-applets/ChaosGame.html

being served as text/html. This would solve the problem, because no
malicious JavaScript code would be run when having a different domain name

(static.snippets.wikidot.com vs snippets.wikidot.com)

and users would get their iframes working (if they change the URL to
load into the iframe)

What do you think about this?
--
Piotr Gabryjeluk
Wikidot.com developer

shawn.h...@gmail.com

May 2, 2008, 5:03:57 PM
to temporary wikidot dev-list
I haven't tried this, but if it works, that's a great workaround. A
better solution would be to have IFRAMEd HTML docs automatically be
sourced from the static subdomain. Also, in the IFRAME, you could
include an option to view source only : [[iframe source="yes"]].
Default would be "no".

-- Shawn

On May 2, 4:00 pm, Piotr Gabryjeluk <pi...@wikidev.lastlook.pl> wrote:
> Hello,
>
> as it turned out when fixing a bug:
>
> http://community.wikidot.com/bugs:iframe
>
> people were using it (the bug!) to view HTML pages uploaded by them in
> iframes. This was explained here:
>
> http://snippets.wikidot.com/code:java-applets
>
> I've found a simple solution to that. Say you have uploaded a file:
>
> http://snippets.wikidot.com/local--files/code:java-applets/ChaosGame....
>
> What about having this served as text/plain (HTML source is rendered)
> with the original address, and with the special URL:
>
> http://static.snippets.wikidot.com/local--files/code:java-applets/Cha...

Piotr Gabryjeluk

May 2, 2008, 5:06:39 PM
to wik...@googlegroups.com
Hi

this wouldn't work for now, because it's just an idea of how to solve
this. But this should work well, and this does not require so much work
from us.

shawn.h...@gmail.com

May 2, 2008, 5:12:38 PM
to temporary wikidot dev-list
You know what I say. :) Brainstorm first. Plan second. Program
last. :)

-- Shawn

Helmuti_pdorf

May 3, 2008, 4:39:04 AM
to temporary wikidot dev-list
I do not understand how the txt (html format) file can be uploaded to
the static.snippets...domain

How can I create such a subdomain on my own?


On May 2, 11:00 pm, Piotr Gabryjeluk <pi...@wikidev.lastlook.pl>
wrote:
> Hello,
>
> as it turned out when fixing a bug:
>
> http://community.wikidot.com/bugs:iframe
>
> people were using it (the bug!) to view HTML pages uploaded by them in
> iframes. This was explained here:
>
> http://snippets.wikidot.com/code:java-applets
>
> I've found a simple solution to that. Say you have uploaded a file:
>
> http://snippets.wikidot.com/local--files/code:java-applets/ChaosGame....
>
> What about having this served as text/plain (HTML source is rendered)
> with the original address, and with the special URL:
>
> http://static.snippets.wikidot.com/local--files/code:java-applets/Cha...

Helmut Eichberger

May 3, 2008, 4:50:11 AM
to wik...@googlegroups.com
Hi Gabrys!

I have an interesting question about this theme (html iframed) with PHP
scripts

http://community.wikidot.com/forum/t-52364/fixed-cannot-embed-local-html-file

Please have a look and try to explain why this is working now under
Firefox...

(I do not understand why)

Regards
Helmut


-----Original Message-----
From: wik...@googlegroups.com [mailto:wik...@googlegroups.com] On Behalf
Of Helmuti_pdorf
Sent: Saturday, May 3, 2008 10:39
To: temporary wikidot dev-list
Subject: Re: Hosting HTML files the right way

Piotr Gabryjeluk

May 3, 2008, 4:53:46 AM
to wik...@googlegroups.com
Hello Helmuti,

It would be uploaded once (as you normally do), but it will be served on
two addresses:

1. the old one:

http://your-wiki.wikidot.com/local--files/page/file.html

2. the new one:

http://static.your-wiki.wikidot.com/local--files/page/file.html

with the difference of how it is served by our servers. The first HTML
file will be served as text/plain (and therefore your browser will
display the source of it).

The second file will be served as text/html (and the browser will
normally render HTML).

So if you want to embed an HTML into an iframe you need to upload a file
as normally and then create a page with an iframe with "static" added
to the normally used address for the uploaded files.

Hope this clarifies the idea.

On 2008-05-03, at 01:39:04,
Helmuti_pdorf <helmut.e...@kabsi.at> wrote:

Piotr Gabryjeluk

May 3, 2008, 5:07:31 AM
to wik...@googlegroups.com
Hello,

this works fine (on any browser) because the files are not on the
Wikidot servers. It is safe to iframe, embed or link ANY file from
outside of Wikidot, so we don't restrict that.

Regards,
Piotr

On 2008-05-03, at 10:50:11,
"Helmut Eichberger" <helmut.e...@kabsi.at> wrote:

Piotr Gabryjeluk

May 10, 2008, 4:07:20 PM
to wik...@googlegroups.com
Hello,

as we have seen many users relying on our security bug (which was
the ability to upload an HTML file with the extension .html renamed to
something else), we've decided to provide such a functionality the
right way.

If you want to have this possibility you need to slightly change the
way you invoke the [iframe] tag.

Say, you have an iframe with the URL
http://some-wiki.wikidot.com/local--files/some-page/some-file.html

You just need to change the domain name part and let it render:
http://some-wiki.wdupload.wikidotsyndication.com/local--files/some-page/some-file.html

This file is safe for us to serve as text/html, and we do it.

Actually now ALL the files you want to be served as html NEED to have
the .html suffix.

The feature is still beta, but should be quite stable. We will also
manage to create some automagical redirects from the
previous-style-links to the new ones if a file has .html suffix,
so

http://some-wiki.wikidot.com/local--files/some-page/some-file.html

redirects automatically to

http://some-wiki.wdupload.wikidotsyndication.com/local--files/some-page/some-file.html

THIS ONE IS NOT YET DONE!

Regards
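
The serving rule discussed in this thread, as an added example (not Wikidot's code): it picks the Content-Type per hostname and compares the two hostnames by origin and by cookie scope. The function names, the `nosniff` header, the text/plain fallback for files without the .html suffix, and a cookie scoped to `wikidot.com` are assumptions; only the hostname suffixes come from the thread.

```python
from urllib.parse import urlsplit

# Hostname suffixes come from the thread; all other names are assumptions.
WIKI_SUFFIX = ".wikidot.com"
UPLOAD_SUFFIX = ".wdupload.wikidotsyndication.com"
NOSNIFF = {"X-Content-Type-Options": "nosniff"}  # added hardening, not from the thread


def serve_policy(url, redirect_html=True):
    """Return (status, headers) for a request to an uploaded file."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    is_html = parts.path.lower().endswith(".html")
    if host.endswith(UPLOAD_SUFFIX):
        # Isolated upload host: only files with the .html suffix render as HTML.
        ctype = "text/html" if is_html else "text/plain"
        return 200, {"Content-Type": ctype, **NOSNIFF}
    if host.endswith(WIKI_SUFFIX):
        if is_html and redirect_html:
            # Old-style link: send the browser to the upload host instead.
            wiki = host[: -len(WIKI_SUFFIX)]
            return 302, {"Location": f"http://{wiki}{UPLOAD_SUFFIX}{parts.path}"}
        # Never render an upload as HTML on the wiki's own origin.
        return 200, {"Content-Type": "text/plain", **NOSNIFF}
    return 404, {}


def origin(url):
    """(scheme, host, port) tuple that browsers compare for same-origin checks."""
    p = urlsplit(url)
    port = p.port or {"http": 80, "https": 443}.get(p.scheme)
    return (p.scheme, (p.hostname or "").lower(), port)


def cookie_domain_matches(host, cookie_domain):
    """RFC 6265 domain-match: would a cookie with this Domain be sent to host?"""
    host = host.lower()
    cookie_domain = cookie_domain.lower().lstrip(".")
    return host == cookie_domain or host.endswith("." + cookie_domain)


# Constructed sample URLs in the shape used in the thread.
OLD = "http://some-wiki.wikidot.com/local--files/some-page/some-file.html"
NEW = "http://some-wiki.wdupload.wikidotsyndication.com/local--files/some-page/some-file.html"
```

`cookie_domain_matches("static.snippets.wikidot.com", ".wikidot.com")` is true while the same check against the `wdupload.wikidotsyndication.com` host is false, so a cookie scoped to the parent domain would reach the first hostname but not the second.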
