I am trying to make Widget:Iframe more secure, by validating an entered url against a list of whitelisted urls inside the MediaWiki-namespace. The widget itself allows any url, but it seems impossible to do something more secure that this widget already did, without hacking a file on the server or using parserfunctions. Allowing parserfunctions would make it possible to make even more advanced widgets, but might be a little tricky.
Version: unspecified
Severity: enhancement