Replacements for the Widgets extension
Following the permanent removal of the Widgets extension due to a security vulnerability, and the potential for future risk, here are some viable replacement options:
Extensions: the EmbedVideo, TimedMediaHandler, Video, or YouTube extensions may be viable replacements.
JavaScript:
$( '#discord-widget' ).html( '<iframe src="https://discord.com/widget?id={SERVER_ID}&theme=dark" width="{WIDTH}" height="{HEIGHT}" allowtransparency="true" frameborder="0" sandbox="allow-popups allow-popups-to-escape-sandbox allow-same-origin allow-scripts"></iframe>' );
HTML:
<div id="discord-widget"></div>
- Add the JavaScript to either MediaWiki:{Skin}.js, or MediaWiki:Common.js
- Add the HTML to any wiki page or template you wish to display the embedded IFrame.
Note: If the URL you are attempting to frame is blocked by the Miraheze content security policy, it will not work. The current URLs that will work (as of 2022-11-1) are listed below:
# Only add a domain pursuant to the policy below. Please also be restrictive in which list. # See https://meta.miraheze.org/wiki/Tech:CSP_Policy. default-src: - "'self'" - '*.miraheze.org' - '*.betaheze.org' script-src: - 'blob:' - "'self'" - "'unsafe-inline'" - "'unsafe-eval'" - '*.miraheze.org' - '*.betaheze.org' - '*.wikimedia.org' - '*.wikipedia.org' - '*.wikibooks.org' - '*.wiktionary.org' - '*.wikiquote.org' - '*.wikisource.org' - '*.wikiversity.org' - '*.wikinews.org' - '*.wikivoyage.org' - 'mediawiki.org' - 'www.mediawiki.org' - 'wikidata.org' - 'www.gstatic.com' - 'www.google.com' - 'www.recaptcha.net' - 'platform.twitter.com' - 'wiki-assets.sumin.wiki' - 'cdnjs.cloudflare.com' - 'cdn.jsdelivr.net' - 'cdn.syndication.twimg.com' - 'scratchblocks.github.io' - 'openlayers.org' - 'phab.miraheze.wiki' - 'www.gstatic.cn' style-src: - "'self'" - 'data:' - "'unsafe-inline'" - '*.miraheze.org' - '*.betaheze.org' - '*.wikimedia.org' - '*.wikipedia.org' - '*.wikibooks.org' - '*.wiktionary.org' - '*.wikiquote.org' - '*.wikisource.org' - '*.wikiversity.org' - '*.wikinews.org' - '*.wikivoyage.org' - 'mediawiki.org' - 'www.mediawiki.org' - 'wikidata.org' - 'www.gstatic.com' - 'fonts.googleapis.com' - 'cdn.jsdelivr.net' - 'platform.twitter.com' - 'ton.twimg.com' - 'phab.miraheze.wiki' img-src: - 'blob:' - "'self'" - 'data:' - '*.miraheze.org' - '*.betaheze.org' - 'upload.wikimedia.org' - 'wikimedia.org' - 'maps.google.com' - 'www.gstatic.com' - 'maxcdn.bootstrapcdn.com' - '*.twimg.com' - 'i.imgur.com' - 'image.tmdb.org' - '*.googleusercontent.com' - '*.fontawesome.com' - '*.dropboxstatic.com' - '*.redd.it' - '*.redditmedia.com' - 'mirrors.creativecommons.org' - 'www.gnu.org' - 'live.staticflikr.com' - 'cdn.pixabay.com' - 'cdn.geogebra.org' - 'scratchblocks.github.io' - 'docs.blender.org' - '*.imgbox.com' - 'tile.openstreetmap.org' - '*.tile.openstreetmap.org' - 'cdn.discordapp.com' - 'na.llnet.sims3storee.cdn.ea.com' - '*.fastly.net' - 'minotar.net' - 'db.onlinewebfonts.com' - 'openlayers.org' - 'discordapp.com' - 'imgbb.com' - 'postimages.org' - 'platform.twitter.com' - 'syndication.twitter.com' - 'img.newspapers.com' - 'cdn.smutstone.com' - 'storage.googleapis.com' - 'phab.miraheze.wiki' - '*.fbcdn.net' font-src: - "'self'" - 'data:' - '*.miraheze.org' - '*.betaheze.org' - 'fonts.gstatic.com' - 'cdn.jsdelivr.net' - 'db.onlinewebfonts.com' - 'phab.miraheze.wiki' - 'upload.wikimedia.org' media-src: - "'self'" - 'blob:' - '*.miraheze.org' - '*.betaheze.org' - 'upload.wikimedia.org' - 'embed.nicovideo.jp' - '*.youtube.com' - '*.youtube-nocookie.com' - 'player.twitch.tv' - 'clips.twitch.tv' - 'player.vimeo.com' frame-src: - "'self'" - '*.miraheze.org' - '*.betaheze.org' - 'www.google.com' - 'docs.google.com' - 'www.recaptcha.net' - 'web.libera.chat' - 'snap.berkeley.edu' - '*.youtube-nocookie.com' - 'www.youtube.com' - 'player.twitch.tv' - 'platform.twitter.com' - 'discord.com' - 'discordapp.com' - 'embed.nicovideo.jp' - 'syndication.twitter.com' - 'open.spotify.com' - 'www.gofundme.com' - 'archive.org' - 'w.soundcloud.com' - 'query.wikidata.org' - 'player.vimeo.com' - 'www.bing.com' - 'lucid.app' connect-src: - "'self'" - '*.miraheze.org' - '*.betaheze.org' - 'www.wikidata.org' - '*.wikipedia.org' - 'www.mediawiki.org' - '*.wikimedia.org' - '*.wikinews.org' - '*.wiktionary.org' - 'cdn.jsdelivr.net' - 'storage.googleapis.com' |