[{TableOfContents}]

!!!Introduction
[{InsertPage page='SecurityRisk'}]
The [transclusion|TranscludePlugin] and [insert|InsertPlugin] plugin will insert a
wiki page by name. Include will include a jsp
page. Redirection allows me to replace a page.

There are circumstances that including external pages or cross-application/cross-context pages are necessary. The following plugin will allow you to do so. 
----
Is there any way to include a page identified
by an arbitrary URL? I have a CGI that returns
some html that i would like included in a page.

--Anonymous

Sorry, at the moment there is no way to do it.  If someone would like to hack the IncludePage plugin to do that (by for example using the JakartaHttpClient library, that would be cool.

----

!!!Version 1 - without iFrame

--JanneJalkanen, 01-Oct-2003



Here is my take on it. It's not as useful as i was hoping because
all the supporting links won't work. I think instead i need
to redirect into a frame or new window.

Source code file [InsertAnyPagePlugin.java] as shown below:

%%collapsebox-closed
!!Source code

{{{
package com.ecyrd.jspwiki.plugin;

import com.ecyrd.jspwiki.*;
import com.ecyrd.jspwiki.plugin.*;

import java.util.*;
import java.net.*;
import java.io.*;


/**
 *  Insert content into a WikiPage. This plugin supports inserting several
 *  kinds of content.
 * 
 *  <B>Parameters</B>
 *  <UL>
 *    <LI>wikiPageName - The wiki page name to be inserted.
 *    <LI>urlToHtml - The URL to the html page to be inserted.
 *  </UL>
 */
public class InsertAnyPagePlugin implements WikiPlugin
{
    public static final String PARAM_WIKI_PAGE_NAME = "wikiPageName";
    public static final String PARAM_URL_TO_HTML = "urlToHtml";

    public static void main(String[] args) 
    {
        try 
	{
            String url= "http://www.google.com";

            System.err.println("Start InsertAnyPagePlugin URL=" + url);

	    InsertAnyPagePlugin plugin= new InsertAnyPagePlugin();
            System.err.println(plugin.getUrlToHtml(url));
        } 
	catch (Exception e) 
	{
            e.printStackTrace();
        }
    }


    public String execute(WikiContext context, Map params)
    throws PluginException
    {
        // Dispatch to the correct page getting method based on the passed in
        // page name.
        
	String wikiPageName = (String) params.get(PARAM_WIKI_PAGE_NAME);
	if (wikiPageName != null)
        {
           return getWikiPage(context, wikiPageName);
        }

	String urlToHtml = (String) params.get(PARAM_URL_TO_HTML);
	if (urlToHtml != null)
        {
           return getUrlToHtml(urlToHtml);
        }
           
        return "no page found";
    }


    /**
     * Get the html representation of a wiki page.
     *
     * @return a string containing the html page
     */
    public String getWikiPage(WikiContext context, String wikiPageName)
    throws PluginException
    {
        WikiEngine engine = context.getEngine();

	// We should now have a page to insert.
        //
        WikiPage wpage = engine.getPage(wikiPageName);

	// Lets make sure we got a page
        //
	if (wpage == null)
	    return "'" + wikiPageName + "' page not found";
	else
	    return engine.getHTML(context, wpage);
   }

    /**
     * Get the html content of a URL. The URL must point to an html page.
     *
     * @param The URL to the html page
     * @return a string containing the html page
     */
    public String getUrlToHtml(String urlToHtml)
    throws PluginException
    {
        try 
	{
            URL url= new URL(urlToHtml);
            URLConnection connection= url.openConnection();
	    printInfo(connection);

	    return cvtToString(connection);
        } 
	catch (Exception e) 
        {
           throw new PluginException("Failed to get URL=" + urlToHtml, e);
        }
    }

    /**
     * Print attributes about a connection.
     * 
     * @param u the connection to print out information about.
     */
    public static void printInfo(URLConnection u) throws IOException 
    {
        // Display the URL address, and information about it.
        System.out.println(u.getURL().toExternalForm() + ":");
        System.out.println("  Content Type: " + u.getContentType());
        System.out.println("  Content Length: " + u.getContentLength());
        System.out.println("  Last Modified: " + new Date(u.getLastModified()));
        System.out.println("  Expiration: " + u.getExpiration());
        System.out.println("  Content Encoding: " + u.getContentEncoding());
    }

    /**
     * Converts a connection to a string representation. Assumes the underlying
     * content can be represented as a string.
     */
    public static String cvtToString(URLConnection u) throws IOException 
    {
        byte[] b= new byte[u.getContentLength()];
        DataInputStream ds= new DataInputStream(u.getInputStream());
	ds.readFully(b);

        return new String(b);
    }    

}
}}}

%%

You can try 

[https://open.datacore.ch/DCwiki.open/Wiki.jsp?page=InsertPagePlugin]

This plugin uses to work fine with v2.2 but with v2.4, it throws a funny exception : "org.bouncycastle ... class not found"


--[RealGagnon], 15-Sep-2006

!!!Version 2 - with iFrame

!!IFrame plugin

It is worthwhile to take a look at the [IFramePlugin] as well.

!! Web clipping plugin

Had the same problem and solved that with IFRAMEs.

Source code file [WebClipping.java] as shown below:

%%collapsebox-closed
!Source code

{{{
package com.ecyrd.jspwiki.plugin;

import java.util.Map;

import org.apache.log4j.Logger;

import com.ecyrd.jspwiki.WikiContext;
import com.ecyrd.jspwiki.WikiEngine;
import com.ecyrd.jspwiki.plugin.WikiPlugin;


public class WebClipping implements WikiPlugin {

    private static final Logger log = Logger.getLogger(WikiEngine.class);


    /** The complete HTML and JavaScript code for the clipping */
    private String clipping;

    public static WikiContext wikiContext;

    /**
     * Creates the JavaScript code which is needed to show the plugin on the
     * jspwiki.
     */
    public String execute(WikiContext context, Map params) {
        
        WebClipping.wikiContext = context;
        
        String URL           = (String) params.get("URL");
        String width         = (String) params.get("width");
        String height        = (String) params.get("height");
        String name          = (String) params.get("name");
        String longdesc      = (String) params.get("longdesc");
        String frameborder   = (String) params.get("frameborder");
        String marginwidht   = (String) params.get("marginwidht");
        String marginheight  = (String) params.get("marginheight");
        String scrolling     = (String) params.get("scrolling");
        String align         = (String) params.get("align");
        String vspace        = (String) params.get("vspace");
        String hspace        = (String) params.get("hspace");

        log.debug("URL =" + URL );
        
        clipping = "<!-- Start of WebClipping Code -->\n";
        if (URL == null)
        {
            clipping +="<p>WebClipping plugin<BR>";
            clipping +="Mandatory parameter \"URL\" is missing</p>";
        }
        else
        {
            clipping += "<IFRAME";
            clipping += " SRC=\""    +URL+"\"";
            if (width        != null) clipping += " WIDTH=\""        +width+"\"";
            if (height       != null) clipping += " HEIGHT=\""       +height+"\"";
            if (frameborder  != null) clipping += " FRAMEBORDER=\""  +frameborder+"\"";
            if (marginwidht  != null) clipping += " MARGINWIDTH=\""  +marginwidht+"\"";
            if (marginheight != null) clipping += " MARGINHEIGHT=\"" +marginheight+"\"";
            if (scrolling    != null) clipping += " SCROLLING=\""    +scrolling+"\"";
            if (align        != null) clipping += " ALIGN=\""        +align+"\"";
            /* these two a not standard HTML */ 
            if (vspace       != null) clipping += " VSPACE=\""       +vspace+"\"";
            if (hspace       != null) clipping += " HSPACE=\""       +hspace+"\"";
            /* these two actually make no sense in the context of this pluging */ 

            if (name         != null) clipping += " NAME=\""         +name+"\"";
            if (longdesc     != null) clipping += " LONGDESC=\""     +longdesc+"\"";
            clipping += ">\n";
            clipping += "Your browser doesn't understand IFRAME. \n";
            clipping += "Click following link to open the content in a new window: \n";
            clipping += "<A HREF=\""+ URL +"\" TARGET=\"_blank\">link</A> </IFRAME>\n";
        }
        clipping += "<!-- End of WebClipping Code -->\n";
        
        return clipping;

    }

}
}}}

%%

!Parameter

Hepltext only available in german...

WebClipping wird vom Microsoft Internet Explorer ab Version 3.x interpretiert, von Netscape ab Version 6.0.



;__URL__ = '' 'URI' '': Für URI eine Web-Adresse oder ein Ziel mit oder ohne Pfad der gewünschten Datei angeben, die im Fenster angezeigt werden soll. Notwendig.

;__width__ = '' 'numerisch/prozentual' '': Breite des eingefügten Conten. Optional. 
;__height__ = '' 'numerisch/prozentual' '': Höhe des eingefügten Content. Optional.
;'''': Für width und height eine Zahl wie z.B. 100 für Pixel angeben, oder einen Prozentwert wie z.B. 60% für Größe in Bezug auf Umgebung.

;__frameborder__ = '' 'numerisch' '': Rahmendicke/unsichtbare Rahmen. Optional.
;'''': Mit frameborder="0" können Sie den sichtbaren Außenrahmen des eingebetteten Frames unterdrücken. frameborder="1" ist die Voreinstellung.

;__marginwidht__ = '' 'numerisch' '': Fensterrand links und rechts. Optional.
;__marginheight__ = '' 'numerisch' '': Fensterrand oben und unten. Optional.
;'''': Eine Zahl wie z.B. 10 notieren, um den Pixelabstand von Fensterrand zum Fensterinhalt zu bestimmen.

;__scrolling__ = '' 'yes/no/auto' '': Anzeige von Scollbars am eingefügten Content. Optional.
;'''': Mit scrolling="yes" können Sie Scrollbars (Bildlaufleisten) in dem eingebetteten Frame erzwingen.
;'''': Mit scrolling="no" unterdrücken. 
;'''': Mit scrolling="auto" können Sie ebenfalls angeben, doch dies entspricht der Voreinstellung.

;__align__ = '' 'left/right' '': Ausrichtung des eingebetteten Content. Optional.
;'''': Mit align="left" richten Sie den eingebetteten Frame links aus. Nachfolgende Inhalte fließen dann rechts um den Frame. 
;'''': Mit align="right" richten Sie den eingebetteten Frame rechts aus und nachfolgende Inhalte fließen links um den Frame. 
;'''': Dieses Attribut ist jedoch als deprecated eingestuft und durch die CSS-Eigenschaft text-align ersetzbar (z.B. style="text-align:left").

;__style__ = '' 'CSS-Definition' '': CSS-Definitionen auf das Fenster anwenden. Optional.
;'''': Für mögliche Werte schauen Sie bitte z.B. bei SelfHTML nach.

!Installation

Copy the [WebClipping.jar] to the WEB-INF\lib folder and follow the "Example" section below to use the class.

!Example
{{{
[{INSERT WebClipping URL='https://192.168.220.1/JSPWiki' width='100%' height='550' frameborder='0'}]
}}}


--JoergL, 28-Feb-2007


----

I cannot even begin to describe what a bad idea this is. JSPWiki should NOT be used to render the contents of arbitary URLs. Anybody who wants to try doing this is just __begging__ for their site to be a haven for links to malware sites.

Please please please reconsider this idea. It is exceptionally dangerous, and I consider it to be a giant security hole that we should close immediately.

--AndrewJaquith, 28-Feb-2007


----

Well, for ''internal'' use this might be useful.

However, this is an XSS attack / malware spreading heaven, I agree.

--JanneJalkanen, 28-Feb-2007


----

I agree, I wouldn't use the above code on a public server! However, I use it in an environment with well known users that have to log in.

--JoergL, 28-Feb-2007

Agree. Although it is very dangerous to use on a public server, it is still useful under controlled environment, e.g. limited number of users and all of them are trusted, limited linkage to other HTML/JSP pages on different application but in the same J2EE container.

--[Kevin Yuen], 23-Jan-2009