Abuse Filter Graphs on ptwikis.toolforge.org loads jquery from external website
Closed, Resolved, Public

Description

(I hope this is the right place; https://github.com/ptwikis/ptwikis linked from https://tools.wmflabs.org/admin/tools offers no issue tracker. Also not sure who to subscribe to allow attention; I copied names from the page; please feel free to remove yourself.)

Steps to reproduce:

  1. Go to https://ptwikis.toolforge.org/Filters
  2. Enter language code and click "Go" button

Actual results:
On result page, see that <script src="//ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js"></script> is in the source code.

Expected results:
Not loading content from a third-party server. Use https://tools-static.wmflabs.org/cdnjs/ajax/libs/jquery/1.11.1/jquery.min.js instead.
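
A check for the problem reported above, as an added example that is not part of the original report or the ptwikis code: it parses a page's HTML and lists every subresource the browser would fetch from a host outside an allowlist, resolving protocol-relative URLs such as the one quoted in the report. The allowlist suffixes, the function names and the sample page are assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Assumption: domains treated as on-platform for a Toolforge tool. Only
# ptwikis.toolforge.org and tools-static.wmflabs.org appear in the report.
ALLOWED_SUFFIXES = ("toolforge.org", "wmflabs.org")
# Tag -> attribute that makes the browser fetch a subresource.
FETCH_ATTRS = {"script": "src", "img": "src", "iframe": "src", "link": "href"}

def is_allowed(host):
    host = (host or "").lower()
    return any(host == s or host.endswith("." + s) for s in ALLOWED_SUFFIXES)

class ThirdPartyFinder(HTMLParser):
    """Record subresources that would be fetched from a non-allowed host."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        url = attrs.get(FETCH_ATTRS.get(tag, ""))
        if not url:
            return
        if tag == "link" and "stylesheet" not in (attrs.get("rel") or "").lower():
            return  # only stylesheet links are checked here
        absolute = urljoin(self.page_url, url)  # resolves //host/path and /path
        parsed = urlparse(absolute)
        if parsed.scheme in ("http", "https") and not is_allowed(parsed.hostname):
            self.findings.append((tag, absolute))

def third_party_loads(html, page_url):
    """Return (tag, absolute_url) for each off-platform subresource."""
    finder = ThirdPartyFinder(page_url)
    finder.feed(html)
    return finder.findings

# Constructed sample page; the first script tag is the one quoted in the report.
SAMPLE = """<html><head>
<script src="//ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js"></script>
<script src="https://tools-static.wmflabs.org/cdnjs/ajax/libs/jquery/1.11.1/jquery.min.js"></script>
<link rel="stylesheet" href="/static/style.css">
</head><body><img src="data:image/png;base64,AAAA"></body></html>"""

if __name__ == "__main__":
    for tag, url in third_party_loads(SAMPLE, "https://ptwikis.toolforge.org/Filters"):
        print(f"third-party <{tag}>: {url}")
```

Hosts are matched on a dot boundary, so a lookalike such as `nottoolforge.org` is still reported.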

Event Timeline

It looks like there are quite a few other Content-Security-Policy violations for this tool: https://csp-report.toolforge.org/search?ft=ptwikis

Judging by the report from this tool, it looks like the merged pull request was not synced to Toolforge. Is that right, @Danilo, @Alchimista?

This merged fix is still not deployed.

Danilo claimed this task.

Fixed. I changed the code to not use jQuery.

There is a "Coordination/bug report" link in the side menu; I thought it was easy to find. I don't use the GitHub repository anymore. The best way to find me is on IRC; I only saw this task because I have an IRC bot that relays wikibugs reports that have the term "ptwiki".