Extension talk:Secure HTML

Discuss Extension:Secure HTML here:



'invalid hash' error

I always get Error: invalid hash --195.248.32.227 14:49, 16 August 2007 (UTC)
Why not consider another similar Extension:SecureHTML extension? Jean-Lou Dupont 14:53, 16 August 2007 (UTC)
Don't forget to edit your LocalSettings.php to include your primary and secondary key strings, otherwise you'll keep getting that error -- 01:47, 8 October 2007  Preceding unsigned comment added by 71.236.20.120 (talkcontribs)
I always get Error: invalid hash also, and I put in a primary and secondary key string in localsetting.php
Any suggestions?
Where does:
$shtml_keys = array(
      'primary key' => "key1",
      'another key' => "key2"
    );
Go in localsettings, or does it matter?
user:jldupont, I won't use Extension:SecureHTML because:
  1. I am running 1.7
  2. Installing two programs to make one program work seems like to much of a hassle. Why not combine both programs? Odessaukrain 08:04, 30 March 2008 (UTC)
i also get the Error: invalid hash, i wonder if i've found the solution: in my case i've got confused with the fields key name and key, so i've put the key name in both. once i've copied the key string in the key field everything worked perfectly - i love this ingenious extension. i'm quite embarrassed to admit such a silly mistake, but i guess it could happens to others, so laugh with me! ^____^ --Eumeme 01:40, 19 April 2008 (UTC)
I initially got "invalid hash" error too, later I recognized that I had a syntax error in my html code that I want to secure. After I correct that, everything works perfect. Thanks to the author! --24.6.151.20 01:11, 21 June 2008 (UTC)
I'm getting Error: invalid hash
Any advice?
Latest extension as of 25/09/12
I've even copied the code to test but it does not work!
$wgSecureHTMLSecrets = array(
'Wiki admin' => 'foo',
'developers' => 'bar',
'Support department' => 'baz',
);
Was there something else i should put in the localsettings.php page? I've copied and pasted exactly what it says on the page into the localsettingsfile 82.44.113.40 17:39, 25 September 2012 (UTC)
Hi all,
Not sure if anyone is still looking for solution but posting it for reference just in case.
The 'key secret' in the Special:SecureHTML page is the value of the array $wgSecureHTMLSecrets. Hopefully it helps.
Regards
Arshdeep
arsh_makker@yahoo.com 27.57.47.146 19:21, 5 January 2014 (UTC)

Works great

This works great. Thank you so much whoever did it. -- 80.58.205.45 - 20:07, 23 August 2007 10:27, 10 January 2012 (UTC)

a href issue

Secure html works really good. One issue, when i try to add some thing that has a <a href in it, when in the secure html special page it works fine. when i paste it into a wikitext elsewhere, the spam filter causes it to break. any ideas? tathagat.banerjee@interintel.org 10:27, 10 January 2012 (UTC)

Preview not rendered

If you have a working shtml template (locked to sysops) and edit it, the preview is not working. Annoying if you try out things or adjust layout though, you always have to save to see the change. --16:03, 7 February 2009 (UTC) 10:27, 10 January 2012 (UTC)

not really that secure

Unless i'm missing something this extension is not really secure. The user knows both the key and the input and thus can generate their own hash quite easily. Really the server should have a secret key only it knows about. Bawolff 01:34, 23 April 2010 (UTC) nevermind i misread the code. Bawolff 02:13, 23 April 2010 (UTC) 10:28, 10 January 2012 (UTC)

Fatal error message

When I tried to access "Special:SecureHTMLInput" I get the following error message.

"Fatal error: Cannot redeclare wfsecurehtmlextension() in /home/wiki/public_html/w/includes/specials/SpecialSecureHTMLInput.php on line 45". --Aramsahai 01:06, 8 May 2010 (UTC) 10:28, 10 January 2012 (UTC)

I also get an error and have crossed checked everything.
"Fatal error: Call to a member function addMessages() on a non-object in /home/content/42/4737242/html/wiki/extensions/SecureHTML/SecureHTML.php on line 52" —The preceding unsigned comment was added by an unknown user on a unknown date. 10:29, 10 January 2012 (UTC)
I get this error as well upgrading an pretty old version 1.8.4 and performing a Wiki move from current server to new server.
Got everything running on new server but Upgrading fails with this error:
[root@wikit maintenance]# php update.php
PHP Fatal error: Call to a member function addMessages() on a non-object in /var/www/html/mediawiki/extensions/SecureHTML.php on line 52
Were you able to resolve this? If so what did you do?
I also read http://www.mediawiki.org/wiki/Manual_talk:Upgrading#Call_to_a_member_function_addMessage.28.29_on_a_non-object_in
Stating "I just commented out the lines. It was no big deal." However, I'm not exactly sure what to comment out and where... =/ Furosh (talk) 17:57, 8 August 2012 (UTC)

PHP Error in SecureHTML.php

Notice: Undefined index: keyname in C:\xampp\htdocs\mediawiki\extensions\SecureHTML.php on line 59

This shows up after I have embedded some HTML (a Facebook Like Box) using an iframe. I am currently running WM-1.16 on a xampp server for development purposes, and I understand about turning off the error messages in PHP. Any suggestions about how to permanently remove it? Jim Vance 04:44, 26 October 2010 (UTC) 10:29, 10 January 2012 (UTC)

not working with more than 1 key?!

for me this extension was not working with more than one key in the array...

this is an "error" in the source of SecureHTML.php

$keyname = ($argv['keyname'] ? $argv['keyname'] : $keykeys[0]);

should be replaced with

$keyname = ($argv['hash'] ? $argv['hash'] : $keykeys[0]);

the other version doesnt make sense for me. --88.73.61.86 03:06, 22 May 2011 (UTC) 10:30, 10 January 2012 (UTC)

problem in function calling

Dear,

I want to display table from database using secure html in my article page. so what i did, design small html form consist name and email address and on submission it will chek regular expression or its exist or not in my table. but here what happen after submission it creating new page new of function file.

that is all limitation or i cant do like this.

<form method=post action="chek.php> email <input=text id=email> name<input=text id=name>

</form>


chek.php

contains code for cheking this..

is it possible to run like this in my article page.

help me? —The preceding unsigned comment was added by an unknown user on a unknown date. 10:30, 10 January 2012 (UTC)

Restrict Special Page?

Hi, I want to restrict the special page made for this to only administrators of the wiki, can someone tell me how I do this?

Thanks. --LittleRena 11:06, 28 October 2011 (UTC) 10:30, 10 January 2012 (UTC)

Bumping this since I have the same question.
The manual says "As of version 2.1, the special page is restricted to users who have the 'edit' right".
I can't confirm this since I can access the special page even as an anon.
I didn't set $wgSecureHTMLSpecialRight.
Is this a bug? Stefahn (talk) 14:18, 13 July 2013 (UTC)
Just for the record:
I found another way to restrict the special page by using Extension:Lockdown with this code:
$wgSpecialPageLockdown['SecureHTML'] = array('bureaucrat');
Replace "bureaucrat" with the user group that you would like to grant permission to the special page. Stefahn (talk) 12:41, 20 August 2013 (UTC)

Not working in version 1.18?

Hi all,

I have been unable to get this code to work after upgrading to the latest version. Anyone else have luck doing it? It appears some of the base code has changed that broke functions used by this extension. I took a few hours to try and troubleshoot it days ago, but gave up and found a workaround for I needed(Paypal donation button). I am now in need of adding it back in so that I can submit some other Paypal related code (for subscription to our maker-space). Thanks. —The preceding unsigned comment was added by an unknown user on a unknown date. 10:31, 10 January 2012 (UTC)

Hi!
The same happened to me, is there an alternative to it? 130.149.235.210 15:03, 21 June 2012 (UTC)

New major version available

Hi all. Wow, I didn't realize other people were actually using this, or I would have been around to keep it up to date!

I've released a new major version, as a properly packaged extension, (instead of copying code into random places), so everything goes into extensions/SecureHTML/. Please remove the old code, and install this instead.

Also, the hash format has changed. The old style (with the keys in $shtml_keys) is still supported for the moment without modification, but please convert your old snippets to the new version, with the keys in $wgSecureHTMLSecrets. The old compatibility will be removed sometime in the future. Fo0bar (talk) 02:18, 5 September 2012 (UTC)

Hi Fo0bar,
Thanks a lot for maintaining this great extension!
Regarding version 1: Do you plan to remove it only in the user interface on the special page or the overall compatibility?
I have used the old version on a massive scale on my wikis and I would need a lot of time to adapt everything to version 2 (since the hash values don't stay the same).
Is there a way to transfer the old hash values into the new ones with a algorithm or script?
Thanks! Stefahn (talk) 22:37, 20 February 2013 (UTC)
I intend to remove version 1 support completely someday, but there's no drive to do so, since it doesn't add much more complexity to the extension. But if it does become a problem, I will probably make more solid plans. Expect at least a year of transition.
There is no automated way to convert the snippets, but something could probably be written. The algorithm is pretty simple, and the pseudo-code of the conversion would be something like:
if((version == 1) && (hash == md5(secret + html)):
    version = 2
    hash = hmac_sha256(html, secret)
Fo0bar (talk) 20:51, 26 February 2013 (UTC)
Thanks for your reply!
Would you change the hashcodes with help of some MySQL code?
I can't think of any other way how to change the old hashcodes within the wikitext... Stefahn (talk) 18:19, 1 March 2013 (UTC)

Weird behavior with version 2.1

Hi.

Great to see this extension working again with MW 1.18+ :)

However, I am seeing some weird behaviour. If I have the following snippet:

<shtml hash="1b1f85db531edf9439f5dad57ace4f17"><input type=button value="Back" onClick="history.go(-1)"></shtml>

It results in the back button being displayed as desired, but next to it I get "Retrieved from http://www.prescientsoftware.co.uk/intranet/index.php?title=Test_Page&oldid=90"

This is with MW 1.19.2. Any idea what is going on?

Thanks! Mitchelln (talk) 16:38, 15 November 2012 (UTC)

I haven't been able to replicate your problem exactly, but I did find that in certain cases, parts of the raw HTML were being interpreted as wiki text. It might be related. Try the latest version (2.2.1), which has a fix for this. Fo0bar (talk) 06:25, 9 February 2013 (UTC)

Fatal error using MW 1.19.7 with SecureHTML v2.2.1

Hi, I got this fatal error trying to access to the Secure Special page
Fatal error: Cannot use object of type Message as array in /opt/lampp/htdocs/mw197/includes/parser/Preprocessor_DOM.php on line 288
added as told in my LocalSettings :
require_once( "$IP/extensions/SecureHTML/SecureHTML.php" );
$wgSecureHTMLSecrets = array(
'wiki' => 'pwwiki',
);
need your help, please ... Thks, Kris 92.163.114.198 23:35, 15 July 2013 (UTC)

Mixing html and wikitext

Hi thanks for a great extension. I just started playing with it, but I was wondering if it's possible to use wikitext variables inside the secureHTML tags. See this thread about raw html:https://www.mediawiki.org/wiki/Project%3ASupport%20desk/Flow/2014/01#h-%5BRESOLVED%5D_template_variables_within_html_tags-2014-01-28T13%3A13%3A00.000Z

Basically I'm looking to solve the same problem, but using this extension so I don't need to use raw html. Can one use the #tag function with this extension? If so any thoughts on how that is done? All the best. Christharp (talk) 23:36, 5 July 2014 (UTC)

it wont work with the side bar

Hi,

i am trying to add some html to side the sidebar and it is not taken,

does it works in the sidebar ?

Thanks 88.181.108.14 (talk) 19:20, 25 October 2015 (UTC)

Non-static method SecureHTML deprecated

Deprecated: Non-static method SecureHTML::secureHTMLRender() should not be called statically in /web/wiki/includes/parser/Parser.php on line 3867

Deprecated: Non-static method SpecialSecureHTML::trySubmit() should not be called statically in /web/wiki/includes/htmlform/HTMLForm.php on line 656

Any idea what's wrong ? DSwissK (talk) 13:39, 13 September 2017 (UTC)

I get a similar warning every time Secure HTML is called:
Strict Standards: call_user_func_array() expects parameter 1 to be a valid callback, non-static method SecureHTML::secureHTMLRender() should not be called statically in /mediawiki/includes/parser/Parser.php on line 4279
Just filed a bug report at https://phabricator.wikimedia.org/T180857 Stefahn (talk) 23:15, 17 November 2017 (UTC)

Dynamic values in <shtml/>

I am trying to use an anchor tag with a dynamic linnk provided by other template. But, it does shows the value. It only shows the var name {{{link}}}. Is this not implemented yet?

Thanks Jatin1697 (talk) 02:32, 2 August 2018 (UTC)

I got deprecated errors

"Notice: Undefined index: in /var/www/html/meaning.wiki/public_html/h/extensions/SecureHTML/SpecialSecureHTML.php on line 40

Deprecated: Use of OutputPage::addWikiText was deprecated in MediaWiki 1.32. [Called from SpecialSecureHTML::execute in /var/www/html/meaning.wiki/public_html/h/extensions/SecureHTML/SpecialSecureHTML.php at line 62] in /var/www/html/meaning.wiki/public_html/h/includes/debug/MWDebug.php on line 309

Deprecated: Use of disabling tidy was deprecated in MediaWiki 1.32. [Called from OutputPage::addWikiText in /var/www/html/meaning.wiki/public_html/h/includes/OutputPage.php at line 1760] in /var/www/html/meaning.wiki/public_html/h/includes/debug/MWDebug.php on line " Uziel302 (talk) 19:05, 13 July 2019 (UTC)

Error: $wgSecureHTMLSecrets is not populated.

What does this mean? Wikedneeded (talk) 12:10, 12 June 2021 (UTC)

Category:Talk pages using deprecated source tags