Page MenuHomePhabricator

Adguard injects code to VisualEditor edits
Closed, ResolvedPublic1 Estimated Story Points


I noticed some edits in the Hebrew Wikipedia in which some JavaScript as inserted, probably without the editors' knowledge, by some software that runs on their machines.


The code is sanitized and escaped, so it's harmless as far as security goes, but it makes dirty diffs and articles and adds work to patrolers who need to clean it up. It's also possible to define an AbuseFilter (as was already done in, but a more comprehensive solution would be nice, such as preventing this from happening, or (dare I say) getting that external software fixed.

Event Timeline

Amire80 raised the priority of this task from to Needs Triage.
Amire80 updated the task description. (Show Details)
Amire80 added a project: VisualEditor.
Amire80 added subscribers: Amire80, Mooeypoo, Krenair, eranroz.

Change 220028 had a related patch set uploaded (by Jforrester): Kill all <script> tags before sending to Parsoid

Change 220028 merged by jenkins-bot: Strip all <script>/<object>/<style>/<embed> on save