Magic Words for inserted content


DarTar suggested I open a discussion page regarding PseudoFormatters, which are potentially wonderful but can grow out of control.

The concept of the PseudoFormatters is excellent - a way to use the server to dynamically insert content into an entry on save. The content is substituted at the point in the syntax it is requested, and is limited only by what may be programmed. The example used is a signature markup to insert the user's WikiName, with a timestamp, or the timestamp alone.

The PseudoFormatters are specific magic words; they will magically be replaced by the appropriate content. However, as soon as you create the signature cantrip, I would personally be wanting to have:

Each of these can be very useful, but the idea of accreting dozens to hundreds of special magic words does not seem to be the best idea for the parser or the project's goal of a lightweight wiki.

Alternative schemes


There are routes around the feeping creaturism of the above model. Here are a couple of them.
  1. Provide access to the system variables in the parser.
  2. Provide an interface for defining variables.

One method brought up in IRC discussion was to provide an alternative markup which could be used to tell the parser to replace the content with the value of a system variable. Placing the variable name inside doubled greater-than / less-than symbols leaves it readily parsed and simply substituted, e.g. <<tag>> would be substituted with the pagename. Without some method for blacklisting/whitelisting the variables available, this could pose a security risk, since the database username and password would theoretically be available, as well as other vulnerabilities.

A second method is more complex, but provides both for greater security and greater security risk: provide an interface for designing magic words on a system. A simple MySQL table could be created with variable names and their substitution values such as:

VAR        SUBSTITUTE
pagename   $tag
dayofweek  date('l')


Clearly this second method introduces the possibility of PHP insertion vulnerabilities, so it should not be a browser-editable item, although I could see such a system being implemented using a wiki page.
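
One way to combine the whitelisting idea from the first method with the variable table from the second, as an added example that is not WikkaWiki code or part of the original discussion: the magic words are an allowlist of closures defined in PHP, so neither an arbitrary variable name nor a stored string is ever evaluated. The function names, the `user` word and the sample values are assumptions made for the illustration.

```php
<?php
// Added illustration; all names here are hypothetical, not WikkaWiki's own API.

/**
 * Build the allowlist of magic words. Each entry is a closure defined in code,
 * so nothing editable from the browser or stored in the database is evaluated.
 */
function magic_word_allowlist(string $tag, string $user): array
{
    return [
        'pagename'  => fn(): string => $tag,
        'user'      => fn(): string => $user,
        'dayofweek' => fn(): string => date('l'),
    ];
}

/**
 * Replace <<name>> markers with allowlisted values only.
 * Names that are not on the allowlist stay in the text as literal markers.
 */
function substitute_magic_words(string $source, array $allowlist): string
{
    $result = preg_replace_callback(
        '/<<([a-z_][a-z0-9_]*)>>/i',
        function (array $m) use ($allowlist): string {
            $name = strtolower($m[1]);
            if (!array_key_exists($name, $allowlist)) {
                return $m[0]; // not allowlisted: keep the marker untouched
            }
            // The replacement is inserted once and not rescanned, so a value
            // that itself contains <<...>> cannot trigger another lookup.
            return (string) $allowlist[$name]();
        },
        $source
    );

    return $result ?? $source; // on a PCRE error, fall back to the raw text
}

// Constructed sample input: a page body as it might arrive on save.
// <<mysql_password>> stands for any configuration value that must not leak.
$body = "Page <<pagename>> edited by <<user>> on a <<dayofweek>>. DB: <<mysql_password>>";

echo substitute_magic_words($body, magic_word_allowlist('SandBox', 'JaneDoe')), "\n";
// The <<mysql_password>> marker comes out unchanged: only allowlisted names resolve.
```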

Discuss

Please discuss.
One thing I forgot to mention is a substitution syntax. Having any magic words scheme is going to slow down page parsing on view. Adding a substitution syntax will allow the variable value to replace the magic word in the actual page source. Using the above example variables, {{subst:pagename}} and {{dayofweek}} would be replaced by the value of $tag and <?php date('l') ?>, respectively. This syntax mirrors the MediaWiki syntax, allowing for easier migration, but there may very well be a standard wikitax for the same concept which should be preferred.