Well the answer is right there in what you posted. No script took the url for File:Commodore_Grace_M._Hopper,_USN_(covered).jpg and replaced the brackets with spaces. (%28 and %29 or '(' and ')' respectively. %20 means <space>)
If you want to be able to look at images with brackets in their names, I guess you'll have to disable the noscript extension, which seems to think its a good idea to replace brackets with spaces, in some misguided attempt to reduce the likelyhood of an XSS. -- -Bawolff On 10/25/15, Pine W <wiki.p...@gmail.com> wrote: > *Here is the 404:* > > "404 Not Found > > The resource could not be found. > > File not found: /v1/AUTH_mw/ > wikipedia-commons-local-public.ad/a/ad/Commodore_Grace_M._Hopper,_USN_%20covered%20.jpg > " > > *Below is the log from the browser console. It looks like Noscript thinks > that going from commons.wikimedia.org <http://commons.wikimedia.org> to > upload.wikimedia.org <http://upload.wikimedia.org> involves an untrusted > XSS. I can tell Noscript to do what it considers to be an unsafe reload and > it will then load the image properly.* > > NS_ERROR_FAILURE: Component returned failure code: 0x80004005 > (NS_ERROR_FAILURE) [nsIWebProgress.addProgressListener] browser.xml:546:0 > [NoScript InjectionChecker] JavaScript Injection in > ///wikipedia/commons/a/ad/Commodore_Grace_M._Hopper,_USN_(covered).jpg > (function anonymous() { > wikipedia/commons/a/ad/Commodore_Grace_M._Hopper,_USN_(covered).jpg /* > COMMENT_TERMINATOR */ > DUMMY_EXPR > }) > [NoScript InjectionChecker] JavaScript Injection in > ///wiki/File:Commodore_Grace_M._Hopper,_USN_(covered).jpg > (function anonymous() { > File:Commodore_Grace_M._Hopper,_USN_(covered).jpg /* COMMENT_TERMINATOR */ > DUMMY_EXPR > }) > [NoScript XSS] Sanitized suspicious request referer. URL [ > https://upload.wikimedia.org/wikipedia/commons/a/ad/Commodore_Grace_M._Hopper%2C_USN_%28covered%29.jpg > (REF: > https://commons.wikimedia.org/wiki/File:Commodore_Grace_M._Hopper,_USN_(covered).jpg)] > requested from [ > https://commons.wikimedia.org/wiki/File:Commodore_Grace_M._Hopper,_USN_(covered).jpg]. > Sanitized Referrer: [ > https://commons.wikimedia.org/wiki/File:Commodore_Grace_M._Hopper,_USN_%20covered%20.jpg > ]. > [NoScript XSS] Sanitized suspicious request. Original URL [ > https://upload.wikimedia.org/wikipedia/commons/a/ad/Commodore_Grace_M._Hopper%2C_USN_%28covered%29.jpg] > requested from [ > https://commons.wikimedia.org/wiki/File:Commodore_Grace_M._Hopper,_USN_(covered).jpg]. > Sanitized URL: [ > https://upload.wikimedia.org/wikipedia/commons/a/ad/Commodore_Grace_M._Hopper,_USN_%20covered%20.jpg#36059408556548644467 > ]. > [NoScript HTTPS] AUTOMATIC SECURE on https://upload.wikimedia.org: > WMF-Last-Access=25-Oct-2015; domain=upload.wikimedia.org; path=/; HttpOnly; > Secure > TypeError: self.urlTooltipLabel is undefined > > > *Pine* > > On Sun, Oct 25, 2015 at 12:01 PM, Brian Wolff <bawo...@gmail.com> wrote: > >> On 10/24/15, Pine W <wiki.p...@gmail.com> wrote: >> > When I right-click on the image download link for >> > File:Commodore_Grace_M._Hopper,_USN_(covered).jpg the download I get is >> > only 269 bytes and it contains a 404 error in plaintext even though it's >> a >> > jpg file. >> > >> > When I click on the image preview that's 480x600 pixels, I get an XSS >> > warning from Noscript. >> > >> > All other images download ok for me. >> > >> > Any knowledge of what the issue is with this one file? >> > >> > Thanks, >> > Pine >> > _______________________________________________ >> > Wikitech-l mailing list >> > Wikitech-l@lists.wikimedia.org >> > https://lists.wikimedia.org/mailman/listinfo/wikitech-l >> >> I have a vauge memory of hearing a similar report once before but I >> can't find any report about it. Something about noscript not liking >> brackets in image urls, especially when using media viewer, and >> redirecting the url to something invalid. (Which if true, is >> ultimately noscript's fault for being stupid) >> >> Can you include the exact text of the 404 message (Most importantly, >> is it one of ours), and verify the precise url you're downloading to >> make sure noscript hasn't messed with it? >> >> -- >> -bawolff >> >> _______________________________________________ >> Wikitech-l mailing list >> Wikitech-l@lists.wikimedia.org >> https://lists.wikimedia.org/mailman/listinfo/wikitech-l >> > _______________________________________________ > Wikitech-l mailing list > Wikitech-l@lists.wikimedia.org > https://lists.wikimedia.org/mailman/listinfo/wikitech-l _______________________________________________ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l