On Fri, Mar 15, 2013 at 11:47 PM, Daniel Friesen <[email protected] > wrote:
> On Thu, 14 Mar 2013 12:55:16 -0700, Brion Vibber <[email protected]> > wrote: > > Text captchas will have a 'question' subfield to be presented; image >> captchas will have a 'url' field which should be loaded as the image. >> 'type' and 'mime' will vary, and probably shouldn't be used too closely. >> > > Some captchas (iirc ReCaptcha) won't give you easy access to the image. > And this plan won't be compatible with the variety of new captcha types > like the KittenAuth-like category of CAPTCHAs. > Differentiating between the types just to support text CAPTCHAs (which are > really the easiest CAPTCHAs to break) also sounds unfortunate. > I should point out that I haven't invented this just now; this system has been in place for at least a couple of years for action=edit and action=login. > We might just have to do something that outputs a blob of html or a url to > a html document (either perhaps as a frame url or a url to fetch the blob > of html from). > *nod* Let's make it a URL if possible; that can be exposed as an iframe in web apps or a web view of some kind for native apps, without exposing HTML injection. If we get all the captcha plugins retrofitted it'd be great to document the system better for bot & client tool authors. :) -- brion
_______________________________________________ Mediawiki-api mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/mediawiki-api
