Last modified: 2013-09-29 13:43:01 UTC
I know there are security concerns with <embed>, <object>, and <iframe>. So why not a version of <embed> that allows only files uploaded to Wikimedia servers? This would help me with problems like what I discussed at [http://commons.wikimedia.org/wiki/Commons:Graphic_Lab_School/Images_to_improve#Need_a_way_to_turn_21_seperate_images_into_a_single_app-like_image.]
(Just going through some old bugs and updating...) Discussion linked above got archived to: https://commons.wikimedia.org/wiki/Commons:Graphic_Lab_School/Images_to_improve/Archive/Resolved_2#Need_a_way_to_turn_21_seperate_images_into_a_single_app-like_image. This sort of request could be handled with something like the EmbedScript extension I did some experiments on last year: https://www.mediawiki.org/wiki/Extension:EmbedScript This allows writing arbitrary JavaScript code and HTML to be displayed in an <iframe>, using a separate domain as an in-browser security layer to isolate the running code from the rest of the wiki. See also bug 54213, a newer tracking bug for more purpose-built systems that the multimedia group may be working on soon...