[Wikidata-bugs] [Maniphest] [Commented On] T168264: Security review of vue.js library

2017-11-22 Thread dpatrick
dpatrick added a comment. Many apologies for the delay here. I reviewed this back in June, failed to add my notes, then re-reviewed last week due to code changes since the last time I looked at it. I found no issues while reviewing this library. I checked for the following: XSS via unescaped

[Wikidata-bugs] [Maniphest] [Commented On] T159709: Security review for WikibaseMediaInfo extension

2017-03-29 Thread dpatrick
dpatrick added a comment. @Lydia_Pintscher Ping. TASK DETAIL https://phabricator.wikimedia.org/T159709 EMAIL PREFERENCES https://phabricator.wikimedia.org/settings/panel/emailpreferences/ To: dpatrick Cc: dpatrick, Ricordisamoa, Aklapper, Lydia_Pintscher, QZanden, Acer, D3r1ck01, Izno, Luke081515

[Wikidata-bugs] [Maniphest] [Commented On] T99358: [Task] Security review of Wikibase-Quality-External-Validation branch master

2017-03-21 Thread dpatrick
dpatrick added a comment. @Lydia_Pintscher, can you give us an update on this ticket? TASK DETAIL https://phabricator.wikimedia.org/T99358 EMAIL PREFERENCES https://phabricator.wikimedia.org/settings/panel/emailpreferences/ To: csteipp, dpatrick Cc: dpatrick, Lydia_Pintscher, gerritbot, soeren.oldag

[Wikidata-bugs] [Maniphest] [Commented On] T159709: Security review for WikibaseMediaInfo extension

2017-03-21 Thread dpatrick
dpatrick added a comment. @Lydia_Pintscher, can you update the description of this ticket with the information requested at https://www.mediawiki.org/wiki/Wikimedia_Security_Team/Security_reviews#Requesting_a_review? Thanks! TASK DETAIL https://phabricator.wikimedia.org/T159709 EMAIL PREFERENCES https

[Wikidata-bugs] [Maniphest] [Declined] T69118: Security review of PubSubHubbub extension

2016-08-15 Thread dpatrick
dpatrick closed this task as "Declined". Herald removed a subscriber: Liuxinyu970226. TASK DETAIL https://phabricator.wikimedia.org/T69118 EMAIL PREFERENCES https://phabricator.wikimedia.org/settings/panel/emailpreferences/ To: csteipp, dpatrick Cc: dpatrick, Aklapper, Jimkont, Wikidata-

[Wikidata-bugs] [Maniphest] [Updated] T103912: [Task] Ex:WikibaseQualityExternalValidation - performance review of Special:CrossCheck

2016-08-11 Thread dpatrick
dpatrick removed a project: Security-Reviews. TASK DETAIL https://phabricator.wikimedia.org/T103912 EMAIL PREFERENCES https://phabricator.wikimedia.org/settings/panel/emailpreferences/ To: dpatrick Cc: StudiesWorld, Lydia_Pintscher, aaron, Wikibase-Quality-External-Validation, Aklapper, Liuxinyu970226

[Wikidata-bugs] [Maniphest] [Commented On] T69118: Security review of PubSubHubbub extension

2016-08-11 Thread dpatrick
dpatrick added a comment. Is this review still needed? We will assume not if no response is given by August 18th, 2016. TASK DETAIL https://phabricator.wikimedia.org/T69118 EMAIL PREFERENCES https://phabricator.wikimedia.org/settings/panel/emailpreferences/ To: csteipp, dpatrick Cc: dpatrick, Aklapper

[Wikidata-bugs] [Maniphest] [Commented On] T65808: Allow cross-site domain access from (tools) Labs via CORS

2015-11-09 Thread dpatrick
dpatrick added a comment. This task may be rendered moot if "Access-Control-Allow-Origin: *" is implemented, re. https://phabricator.wikimedia.org/T62835. Absent that, I think it would be safe to allow read-only access from labs by adding the domain(s) to the

[Wikidata-bugs] [Maniphest] [Changed Project Column] T65808: Allow cross-site domain access from (tools) Labs via CORS

2015-11-03 Thread dpatrick
dpatrick moved this task to In Progress on the Security-Team workboard. TASK DETAIL https://phabricator.wikimedia.org/T65808 WORKBOARD https://phabricator.wikimedia.org/project/board/1179/ EMAIL PREFERENCES https://phabricator.wikimedia.org/settings/panel/emailpreferences/ To: dpatrick

[Wikidata-bugs] [Maniphest] [Claimed] T65808: Allow cross-site domain access from (tools) Labs via CORS

2015-11-03 Thread dpatrick
dpatrick claimed this task. TASK DETAIL https://phabricator.wikimedia.org/T65808 EMAIL PREFERENCES https://phabricator.wikimedia.org/settings/panel/emailpreferences/ To: dpatrick Cc: Aklapper, csteipp, Matanya, Jdlrobson, Krenair, hoo, JanZerebecki, He7d3r, Petrb, Magnus, Snowolf, wikibugs

[Wikidata-bugs] [Maniphest] [Triaged] T115788: Wikidata query endpoint shouldn't return traceback when an error is encountered

2015-10-20 Thread dpatrick
dpatrick triaged this task as "Low" priority. dpatrick set Security to None. TASK DETAIL https://phabricator.wikimedia.org/T115788 EMAIL PREFERENCES https://phabricator.wikimedia.org/settings/panel/emailpreferences/ To: dpatrick Cc: hoo, Aklapper, Mvolz, dpatrick, Wikidata-

[Wikidata-bugs] [Maniphest] [Changed Subscribers] T115788: Wikidata query endpoint shouldn't return traceback when an error is encountered

2015-10-20 Thread dpatrick
dpatrick added subscribers: csteipp, dpatrick. dpatrick added a comment. @hoo, @csteipp and I discussed this a bit today. Third-parties who run this code may end up unintentionally exposing backend information in this uncaught exception. Is it onerous to work up a fix for this issue? TASK