Page MenuHomePhabricator

Adguard injects code to VisualEditor edits
Closed, ResolvedPublic1 Story Points

Description

I noticed some edits in the Hebrew Wikipedia in which some JavaScript as inserted, probably without the editors' knowledge, by some software that runs on their machines.

Examples:

The code is sanitized and escaped, so it's harmless as far as security goes, but it makes dirty diffs and articles and adds work to patrolers who need to clean it up. It's also possible to define an AbuseFilter (as was already done in he.wiki), but a more comprehensive solution would be nice, such as preventing this from happening, or (dare I say) getting that external software fixed.

Event Timeline

Amire80 created this task.Jun 22 2015, 10:05 PM
Amire80 updated the task description. (Show Details)
Amire80 raised the priority of this task from to Needs Triage.
Amire80 added a project: VisualEditor.
Amire80 added subscribers: Amire80, Mooeypoo, Krenair, eranroz.
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJun 22 2015, 10:05 PM

Change 220028 had a related patch set uploaded (by Jforrester):
ve.init.mw.Target: Kill all <script> tags before sending to Parsoid

https://gerrit.wikimedia.org/r/220028

Jdforrester-WMF edited a custom field.

Change 220028 merged by jenkins-bot:
ve.init.mw.Target: Strip all <script>/<object>/<style>/<embed> on save

https://gerrit.wikimedia.org/r/220028

Jdforrester-WMF closed this task as Resolved.Jun 25 2015, 11:50 PM
Jdforrester-WMF removed a project: Patch-For-Review.
Jdforrester-WMF moved this task from Doing to Done on the VisualEditor 2014/15 Q4 blockers board.