https://bugzilla.wikimedia.org/show_bug.cgi?id=27968
Summary: JavaScript included via plain HTTP on HTTPS sites
Product: Wikimedia
Version: unspecified
Platform: All
OS/Version: All
Status: NEW
Severity: major
Priority: Normal
Component: General/Unknown
AssignedTo: [email protected]
ReportedBy: [email protected]
In the "secure" version of Wikipedia, there is a JavaScript embedded from
http://geoiplookup.wikimedia.org. This makes the HTTPS somehow completely
useless if the user has JavaScript enabled.
I understand that it is complicated to embed the images via HTTPS. But please
fix at least that one here, as it really breaks the security (allowing an
attacker to do anything), in contrast to the image thing (which only creates
warnings and does allow an attacker to manipulate only the images).
--
Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
You are on the CC list for the bug.
_______________________________________________
Wikibugs-l mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
