Could be web browser issue, but the question on forum hasn't been aswered for almost 2 months…

As we don't want to serve any user-submitted HTML files, I have recently disabled serving anything in user upload directories as text/html.

IE6 rendering non- text/html files as as HTML is a security bug in IE, not ours, so we don't do anything about this.

If you wonder how serving user-submitted HTML files by Wikidot can be dangerous, it is because user include malicious JavaScript, that being run from the same domain as the wiki page would be ran at full privileges and potentially do bad things (like deleting all wikis of the currently logged user).

If you're interested in how we are going to host HTML files the right way, look at the following page:

http://groups.google.com/group/wikidot/browse_thread/thread/b0db300e0d02095a?hl=en

(Are you saying that the "workaround" of renaming files to .scrap has been disabled? I tested the "Hello World" thing a few days ago and it seemed to work.)

Anyway, today I "tricked" my wiki into running .php code that was included as a .css file inside an .html file that I iframed into a page.

I'd like to direct you to my wiki:

Karma-Lab wiki

I'm thinking it's starting to look pretty bitchin', but there are some formatting problems with different browsers. I've been searching for a solution to that, other than the sometimes ugly hacks people do to css files.

Let me explain: I am running a php fix on my site (not my wiki site, my main site) that uses php inside a css file, to determine browser type, and then to dynamically generate some fixes for the .css file to compensate for differences in browser display. In other words, I have my main css file with everything in it, and then this supplementary css file is included after it, which only generates a few things to tweak the appearance that is mainly governed by the main css file.

Note: credit for the basic idea goes to http://www.stylegala.com/articles/no_more_css_hacks.htm.

So I wanted to run this same kind of thing on my wiki. After spending nearly a whole day today, I got it to work! You can see it here on this sandbox page, which contains the details:

http://karma-lab.wikidot.com/misc:test-iframe-php

Now, I am planning to rely on this working to fix a few things, in addition to doing some other things, so I want to be sure that this is not "prohibited activity" and is not going to be disabled. I'm not a php expert, I don't know if this kind of thing can be used for malicious behavior.

Please tell me this is OK - I want to implement a number of things based on this sort of php inclusion. Thanks!

Hi

as we have seen many users relying on our security bug (which was ability to upload a HTML file with the extension .html renamed to something else), we've decided to provide such a functionality the right way.

If you want to have this possibility you need to slightly change the way you invoke the [iframe] tag.

Say, you have an iframe with the URL http://some-wiki.wikidot.com/local--files/some-page/some-file.html

You just need to change the domain name part and let it render: http://some-wiki.wdupload.wikidotsyndication.com/local--files/some-page/some-file.html

This file is safe for us to serve as text/html, and we do it.

Actually now ALL the files you want to be served as html NEED to have the .html suffix.

The feature is still beta, but should be quite stable. We will also manage to create some automagical redirects from the previous-style-links to the new one if a page is .html ended.

I have been trying to upload some html files to a site but they get re-tagged as "UTF-8 Unicode C program text". How can I keep the html tag?