Re: [Wikitech-l] 2016W43 ArchCom-RFC meeting: Allow HTML in SVG?

2016-10-25 Thread Gabriel Wicke
See also https://phabricator.wikimedia.org/T96461, which discusses using
https://github.com/cure53/DOMPurify, and Parsoid's Token-based sanitizer.

On Tue, Oct 25, 2016 at 6:12 PM, Legoktm wrote:

> Hi,
>
> On 10/25/2016 03:14 PM, Rob Lanphier wrote:
> > 3.  Should we turn our SVG validation code into a proper library?
>
> Yes! This is . :)
>
> -- Legoktm
>
> ___
> Wikitech-l mailing list
> Wikitech-l@lists.wikimedia.org
> https://lists.wikimedia.org/mailman/listinfo/wikitech-l
>



-- 
Gabriel Wicke
Principal Engineer, Wikimedia Foundation

Re: [Wikitech-l] Deploying the Linter extension to Wikimedia wikis

2016-10-25 Thread Legoktm
Hi,

On 10/24/2016 06:42 AM, MZMcBride wrote:
> How will the errors be queried? Will there be an api.php module to query
> on a per-error or per-page basis?

Yes, per-error is implemented, and I've also implemented per-namespace
filtering, but not per-page yet.

> Does the extension distinguish between errors and warnings? Are there
> gradations of errors? For example, deprecated syntax v. invalid syntax?

Not really. Each category has a name like "obsolete-tag" or
"bogus-image-options", and that's about it.

> I wonder if the name "Linter" is overly generic. This extension will only
> activate on wikitext, correct? It won't lint other content models/types
> such as JavaScript and CSS?

The Linter extension doesn't care about that at all - it gets told about
errors from Parsoid (or any whitelisted service), stores them, and
displays them to users. So if someone set up a JSCS service or something
to provide errors about JavaScript pages, we could hook up that to
Linter. (There's currently only one line of code in Linter that's
Parsoid-specific).

-- Legoktm


Re: [Wikitech-l] 2016W43 ArchCom-RFC meeting: Allow HTML in SVG?

2016-10-25 Thread Legoktm
Hi,

On 10/25/2016 03:14 PM, Rob Lanphier wrote:
> 3.  Should we turn our SVG validation code into a proper library?

Yes! This is . :)

-- Legoktm


[Wikitech-l] 2016W43 ArchCom-RFC meeting: Allow HTML in SVG?

2016-10-25 Thread Rob Lanphier
Hi everyone,

For [this week's ArchCom-RFC meeting][E325], let's talk about SVG.

As you probably know, MediaWiki optionally allows for SVG uploads,
which is allowed on many Wikimedia wikis (e.g. on Commons).  However,
in order to make this preference safe to use, we need to validate the
SVG.

One thing that's allowed in the SVG spec is to embed fragments of
XHTML inside the SVG.  This isn't just an obscure spec feature; this is
understood to be the best way to embed a caption for a diagram that
allows for word wrap when the image is scaled.  Having XHTML support
also would allow for greater compatibility between MediaWiki and
real-world SVG editing tools (e.g. draw.io).

matmarex made a suggestion in [the bug for this][T138783]:
> We have a HTML validation library (the Sanitizer class) and it could
> probably be hooked up to validating HTML in SVG file uploads. But it
> would definitely require some work.

It's not officially an RFC, but I suggested it as a discussion topic
in [last week's ArchCom planning meeting][3], and no one objected.

Let's see if we can answer a couple of questions:
1.  Is this a good idea in theory?  i.e. is it possible/likely that an
experienced developer could implement something that can pass security
review, or is it conceptually flawed?
2.  Is matmarex's suggested approach a good one?
3.  Should we turn our SVG validation code into a proper library?
4.  (if there's time) Let's step through [brion's June 30 comment][4]

This week it will be the usual time (Wednesday 21 UTC, 14 PDT, 23 CEST)
and place (#wikimedia-office).  Next week, things get complicated
because of the end of [Summer Time in Europe][5]; an announcement
about next week's meeting will hopefully find its way to the
[ArchComStatus page][6].

Rob

[E325]: 
[T138783]: 
[3]: 
[4]: 
[5]: 
[6]: 
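
The check under discussion in this message, as an added example that is not part of the original post and is not MediaWiki's Sanitizer or upload-validation code: XHTML embedded in an SVG through `<foreignObject>` is accepted only if every element and attribute is on an allowlist. The allowlist contents, the function name and both sample documents are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

SVG_NS = "http://www.w3.org/2000/svg"
XHTML_NS = "http://www.w3.org/1999/xhtml"

# Hypothetical allowlist sized for wrapped captions: element -> allowed attributes.
ALLOWED_XHTML = {
    "div": {"class", "dir", "lang"}, "p": {"class", "dir", "lang"},
    "span": {"class", "dir", "lang"},
    "b": set(), "i": set(), "em": set(), "strong": set(), "br": set(),
}

def check_embedded_xhtml(svg_text):
    """Return a list of problems found in XHTML embedded via <foreignObject>."""
    # Refuse DTDs outright so entity declarations never reach the parser.
    if "<!DOCTYPE" in svg_text or "<!ENTITY" in svg_text:
        return ["DTD or entity declaration present"]
    try:
        root = ET.fromstring(svg_text)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    problems = []
    for fo in root.iter(f"{{{SVG_NS}}}foreignObject"):
        for el in fo.iter():
            if el is fo:
                continue
            # ElementTree spells qualified names as "{namespace}local".
            ns, _, local = (el.tag[1:].partition("}") if el.tag.startswith("{")
                            else ("", "", el.tag))
            if ns != XHTML_NS:
                problems.append(f"non-XHTML element <{local}> in foreignObject")
            elif local not in ALLOWED_XHTML:
                problems.append(f"element <{local}> not allowed")
            else:
                # Anything not listed is rejected, including event handlers
                # and namespaced attributes such as xlink:href.
                for attr in el.attrib:
                    if attr not in ALLOWED_XHTML[local]:
                        problems.append(f"attribute {attr} on <{local}> not allowed")
    return problems

# Constructed samples: a wrapped caption, and the same shape with active content.
SAFE_SVG = ('<svg xmlns="http://www.w3.org/2000/svg" width="200" height="100">'
            '<foreignObject width="200" height="100">'
            '<div xmlns="http://www.w3.org/1999/xhtml" class="caption">'
            '<p>A caption that <em>wraps</em> when scaled.</p></div>'
            '</foreignObject></svg>')
UNSAFE_SVG = SAFE_SVG.replace('class="caption"', 'onclick="x()"').replace(
    "<em>wraps</em>", "<script>x()</script>")
```

This covers only the embedded XHTML; the SVG elements outside `<foreignObject>` still need their own validation.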


[Wikitech-l] Small, old, unreviewed MediaWiki Core patches waiting in Gerrit

2016-10-25 Thread Andre Klapper
Another list of oldest MW Core patches, touching <=10 lines, with CR=0,
Verified>0, without merge conflicts in Gerrit, sorted by age.

Decisions (=CR) welcome. 

Thanks in advance for your review + help reducing our review backlog.


https://gerrit.wikimedia.org/r/#/c/258037/
Qualify page titles as such in messages about editing or acting on a page
  /languages/i18n/en.json

https://gerrit.wikimedia.org/r/#/c/145882/
Add two properties to Action.php
  /includes/actions/Action.php

https://gerrit.wikimedia.org/r/#/c/264621/
Linker: No need to encode single quotes in makeBrokenImageLinkObj()
  /includes/Linker.php

https://gerrit.wikimedia.org/r/#/c/265375/
Add class to EditPage text area when editing an old revision
  /includes/EditPage.php

https://gerrit.wikimedia.org/r/#/c/251804/
Export: Use BCP 47 language code for attribute xml:lang
  /includes/export/XmlDumpWriter.php

https://gerrit.wikimedia.org/r/#/c/187898/
Move notification area from mw.util.$content to document.body
  /resources/Resources.php
  /resources/src/mediawiki/mediawiki.notification.js

https://gerrit.wikimedia.org/r/#/c/269108/
Fix the uppercase issue of "lang" parameter in ImagePage
  /includes/page/ImagePage.php

https://gerrit.wikimedia.org/r/#/c/278449/
splitTrail: treat two or more apostrophes as trail 
  /includes/Linker.php

https://gerrit.wikimedia.org/r/#/c/276945/
Convert Special:ListFiles to OOUI
  /includes/specials/pagers/ImageListPager.php

https://gerrit.wikimedia.org/r/#/c/248572/
Tweak packed-hover gallery mode for better video compat
  /resources/src/mediawiki/page/gallery.js

https://gerrit.wikimedia.org/r/#/c/279087/
Remove dummy language codes from Names.php
  /languages/data/Names.php

https://gerrit.wikimedia.org/r/#/c/272708/
Change .tocnumber to use grey text for section numbers in ToC boxes
  /resources/src/mediawiki.skinning/content.css


Thanks for comments, reviews, merges in the last edition to: Florian,
Jforrester, Krinkle, Legoktm, Matmarex, Phuedx, RobLa, Tjones.

-- 
Andre Klapper | Wikimedia Bugwrangler
http://blogs.gnome.org/aklapper/
