Well the answer is right there in what you posted.

NoScript took the URL for
File:Commodore_Grace_M._Hopper,_USN_(covered).jpg and replaced the
brackets with spaces. (%28 and %29 or '(' and ')' respectively. %20
means <space>)

If you want to be able to look at images with brackets in their names,
I guess you'll have to disable the NoScript extension, which seems to
think it's a good idea to replace brackets with spaces, in some
misguided attempt to reduce the likelihood of an XSS.

--
-Bawolff

On 10/25/15, Pine W <wiki.p...@gmail.com> wrote:
> *Here is the 404:*
>
> "404 Not Found
>
> The resource could not be found.
>
> File not found: /v1/AUTH_mw/
> wikipedia-commons-local-public.ad/a/ad/Commodore_Grace_M._Hopper,_USN_%20covered%20.jpg
> "
>
> *Below is the log from the browser console. It looks like Noscript thinks
> that going from commons.wikimedia.org to upload.wikimedia.org involves an
> untrusted XSS. I can tell Noscript to do what it considers to be an unsafe
> reload and it will then load the image properly.*
>
> NS_ERROR_FAILURE: Component returned failure code: 0x80004005
> (NS_ERROR_FAILURE) [nsIWebProgress.addProgressListener] browser.xml:546:0
> [NoScript InjectionChecker] JavaScript Injection in
> ///wikipedia/commons/a/ad/Commodore_Grace_M._Hopper,_USN_(covered).jpg
> (function anonymous() {
> wikipedia/commons/a/ad/Commodore_Grace_M._Hopper,_USN_(covered).jpg /*
> COMMENT_TERMINATOR */
> DUMMY_EXPR
> })
> [NoScript InjectionChecker] JavaScript Injection in
> ///wiki/File:Commodore_Grace_M._Hopper,_USN_(covered).jpg
> (function anonymous() {
> File:Commodore_Grace_M._Hopper,_USN_(covered).jpg /* COMMENT_TERMINATOR */
> DUMMY_EXPR
> })
> [NoScript XSS] Sanitized suspicious request referer. URL [
> https://upload.wikimedia.org/wikipedia/commons/a/ad/Commodore_Grace_M._Hopper%2C_USN_%28covered%29.jpg
> (REF:
> https://commons.wikimedia.org/wiki/File:Commodore_Grace_M._Hopper,_USN_(covered).jpg)]
> requested from [
> https://commons.wikimedia.org/wiki/File:Commodore_Grace_M._Hopper,_USN_(covered).jpg].
> Sanitized Referrer: [
> https://commons.wikimedia.org/wiki/File:Commodore_Grace_M._Hopper,_USN_%20covered%20.jpg
> ].
> [NoScript XSS] Sanitized suspicious request. Original URL [
> https://upload.wikimedia.org/wikipedia/commons/a/ad/Commodore_Grace_M._Hopper%2C_USN_%28covered%29.jpg]
> requested from [
> https://commons.wikimedia.org/wiki/File:Commodore_Grace_M._Hopper,_USN_(covered).jpg].
> Sanitized URL: [
> https://upload.wikimedia.org/wikipedia/commons/a/ad/Commodore_Grace_M._Hopper,_USN_%20covered%20.jpg#36059408556548644467
> ].
> [NoScript HTTPS] AUTOMATIC SECURE on https://upload.wikimedia.org:
> WMF-Last-Access=25-Oct-2015; domain=upload.wikimedia.org; path=/; HttpOnly;
> Secure
> TypeError: self.urlTooltipLabel is undefined
>
>
> *Pine*
>
> On Sun, Oct 25, 2015 at 12:01 PM, Brian Wolff <bawo...@gmail.com> wrote:
>
>> On 10/24/15, Pine W <wiki.p...@gmail.com> wrote:
>> > When I right-click on the image download link for
>> > File:Commodore_Grace_M._Hopper,_USN_(covered).jpg the download I get is
>> > only 269 bytes and it contains a 404 error in plaintext even though it's a
>> > jpg file.
>> >
>> > When I click on the image preview that's 480x600 pixels, I get an XSS
>> > warning from Noscript.
>> >
>> > All other images download ok for me.
>> >
>> > Any knowledge of what the issue is with this one file?
>> >
>> > Thanks,
>> > Pine
>> > _______________________________________________
>> > Wikitech-l mailing list
>> > Wikitech-l@lists.wikimedia.org
>> > https://lists.wikimedia.org/mailman/listinfo/wikitech-l
>>
>> I have a vague memory of hearing a similar report once before but I
>> can't find any report about it. Something about noscript not liking
>> brackets in image urls, especially when using media viewer, and
>> redirecting the url to something invalid. (Which if true, is
>> ultimately noscript's fault for being stupid)
>>
>> Can you include the exact text of the 404 message (Most importantly,
>> is it one of ours), and verify the precise url you're downloading to
>> make sure noscript hasn't messed with it?
>>
>> --
>> -bawolff

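Added example, not part of the original thread or of NoScript's code: a small Node.js triage script that reads the "[NoScript XSS] Sanitized suspicious request" entry quoted above, percent-decodes both paths, and shows exactly which characters the sanitizer changed and that the result names a different file. The function names are hypothetical; the URLs are the ones from the quoted log.

```javascript
// Values copied from the NoScript console log quoted in the thread,
// with the e-mail quote markers and line wraps removed.
const LOG = [
  "[NoScript XSS] Sanitized suspicious request. Original URL [",
  "https://upload.wikimedia.org/wikipedia/commons/a/ad/Commodore_Grace_M._Hopper%2C_USN_%28covered%29.jpg]",
  "requested from [",
  "https://commons.wikimedia.org/wiki/File:Commodore_Grace_M._Hopper,_USN_(covered).jpg].",
  "Sanitized URL: [",
  "https://upload.wikimedia.org/wikipedia/commons/a/ad/Commodore_Grace_M._Hopper,_USN_%20covered%20.jpg#36059408556548644467",
  "].",
].join("\n");

// Pull (original, sanitized) URL pairs out of the sanitizer's log entries.
function extractRewrites(log) {
  const re = /Sanitized suspicious request\. Original URL \[\s*(\S+?)\s*\][\s\S]*?Sanitized URL: \[\s*(\S+?)\s*\]/g;
  return [...log.matchAll(re)].map((m) => ({ original: m[1], sanitized: m[2] }));
}

// Percent-decode only the path; the fragment appended to the sanitized URL is ignored.
function decodedPath(url) {
  return decodeURIComponent(new URL(url).pathname);
}

// List every character that differs between the two decoded paths.
// Returns null when the lengths differ (not a character-for-character rewrite).
function changedChars(original, sanitized) {
  const a = decodedPath(original), b = decodedPath(sanitized);
  if (a.length !== b.length) return null;
  const out = [];
  for (let i = 0; i < a.length; i++) {
    if (a[i] !== b[i]) out.push({ index: i, from: a[i], to: b[i] });
  }
  return out;
}

// True when the sanitized URL names a different object than the one requested,
// which is what turns the request into a 404 on the file server.
function breaksFileLookup(original, sanitized) {
  return decodedPath(original) !== decodedPath(sanitized);
}

for (const { original, sanitized } of extractRewrites(LOG)) {
  console.log(decodedPath(original), "->", decodedPath(sanitized));
  console.log(changedChars(original, sanitized), breaksFileLookup(original, sanitized));
}
```
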