JSDuck at doc.wikimedia.org loads fonts from google
Closed, ResolvedPublic
Actions

Assigned To

Authored By

	Bawolff
	Jan 9 2019, 1:32 PM

Description

Generally loading external resources isn't cool.

If you look at the bottom of https://doc.wikimedia.org/mediawiki-core/master/js/

<script type="text/javascript">
(function(){
  var protocol = (document.location.protocol === "https:") ? "https:" : "http:";
  document.write("<link href='"+protocol+"//fonts.googleapis.com/css?family=Exo' rel='stylesheet' type='text/css' />");
})();
</script>

Related Objects
Search...

Status	Subtype	Assigned	Task
Resolved		hashar	T213282 JSDuck at doc.wikimedia.org loads fonts from google
Resolved		apaskulin	T138401 Replace jsduck with JSDoc3 across all Wikimedia code bases
Resolved		• Jhernandez	T146917 [Spike, 4hrs] What does jsdoc not support that jsduck does
Duplicate		None	T153890 [2 hours] Compare the features offered by jsduck and jsdoc
Resolved		Krinkle	T185397 Replace jsduck with JSDoc3 in OOjs
Resolved		apaskulin	T187672 Release jsdoc-wmf-theme 1.0 (Wikimedia theme for JSDoc3)
Open		None	T207383 Inherited methods and members of mixins are missing
Resolved		Esanders	T262403 jsdoc-wmf-theme: Search is completely broken
Resolved		Esanders	T337575 jsodoc-wmf-theme: Params table is not very legible
Resolved	BUG REPORT	Krinkle	T315103 Menu on https://doc.wikimedia.org/oojs/master/ non functional on Firefox mobile
Resolved		Jdlrobson	T188261 [MobileFrontend] Replace JSDuck with JSDoc
Duplicate		None	T188262 Remove JSDuck
Duplicate		None	T188263 Fix JSDoc offenders
Duplicate		None	T188264 Add JSDoc configuration file
Resolved		• nray	T239258 Migrate JavaScript API documentation from jsduck to JSDoc
Resolved		Jdforrester-WMF	T250843 Replace jsduck with JSDoc3 in VisualEditor
Resolved		matmarex	T185396 Replace jsduck with JSDoc3 in OOUI
Declined		None	T156469 jsduck doesn't support ES6
Resolved		cscott	T184573 Re-enable documentation for ES6-using classes
Resolved		TheDJ	T284766 Document process to add jsdoc to a repository
Resolved		Samwilson	T307415 Add JSDoc configuration to WikiEditor
Resolved		None	T342864 Replace jsduck with JSDoc3 in Kartographer
Open		None	T342905 Replace jsduck with JSDoc3 in Wikibase
Declined		None	T351764 Preserve existing JSDuck documentation on docs.wikimedia.org
Resolved		apaskulin	T352308 Port remaining files to jsdoc in MediaWiki core
Resolved		Krinkle	T353418 Fix broken link in mw.requestIdleCallback docs
Resolved		matmarex	T353540 Make oojs-ui the primary source of OOUI docs
Resolved		apaskulin	T353560 Fix on-wiki links to MediaWiki JSDoc site
Declined	BUG REPORT	Jdlrobson	T354716 Cryptic warnings inside publish.js on valid JSDoc
Resolved		apaskulin	T356546 Update the MediaWiki core JSDoc homepage
Resolved		egardner	T352320 Redirect existing hyperlinks to old docs
Open		None	T365114 Replace jsduck with JSDoc3 in UploadWizard
Open		None	T366230 Mass refactoring of JSDuck-only tags
Open		None	T366264 Replace jsduck with JSDoc3 in Translate
Resolved		Novem_Linguae	T366789 Replace jsduck with JSDoc3 in CollaborationKit
Resolved		Novem_Linguae	T367507 Replace jsduck with JSDoc3 in GuidedTour
Resolved		Novem_Linguae	T368082 Decide on the standard name for a JSDoc settings file: .jsdoc.json or jsdoc.json

Event Timeline

Bawolff created this task.Jan 9 2019, 1:32 PM

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJan 9 2019, 1:32 PM

Filed Upstream with JSDuck at https://github.com/senchalabs/jsduck/issues/678

Upstream basically saying it's unmaintained... Filed T213428 as to work out what we do about using it in our infrastructure

Reedy mentioned this in T213428: jsduck unmaintained.Jan 10 2019, 1:41 PM

I guess worst case scenario, we could add a post-processing step

Jdforrester-WMF subscribed.Jan 10 2019, 5:06 PM

The task to fix/replace JSDuck specifically, is T138401.

The general task to make sure auto-generated docs technically cannot establish third-party connections is T213223. The CSP policy will make sure that even if individual teams forget to think about this when adopting some new tool, or if an upstream library is updated and introduces a regression of this kind, that it won't hurt us.

Between those two, I think this task is covered, and could be closed in favour of those two.

Rxy merged a task: T214361: VisualEditor at doc.wikimedia.org loads fonts from google.Aug 31 2019, 1:12 AM

Rxy added a subscriber: matmarex.

T213223 applied a CSP policy on doc.wikimedia.org and fonts.googleapis.com is now blocked by browser supporting CSP. So I guess it is enough to mark this resolved?

(T213223 got partially reverted hence this task is still open)

• JFishback_WMF moved this task from Intake to Backlog on the Privacy board.Feb 4 2020, 11:45 PM

valerio.bozzolan mentioned this in T266998: Avoid third party resources from *.wikimedia.it websites.Nov 2 2020, 9:30 AM

please use jsdoc rather than fixing this (see T138401)

Not fixed until that task is done.

on completion of T138401.

Aklapper added a subtask: T138401: Replace jsduck with JSDoc3 across all Wikimedia code bases.Mar 16 2021, 8:21 PM

That is fixed by applying a CSP rule which leads to:

Content Security Policy: The page’s settings blocked the loading of a resource at https://fonts.googleapis.com/css?family=Exo (“style-src”).

That was done via T213223

taavi mentioned this in T341416: MediaWiki JS documentation tries to load fonts from Google (but fails due to CSP).Jul 8 2023, 8:14 PM

apaskulin closed subtask T138401: Replace jsduck with JSDoc3 across all Wikimedia code bases as Resolved.Nov 12 2024, 11:36 PM

JSDuck at doc.wikimedia.org loads fonts from googleClosed, ResolvedPublicActions

Description

Related ObjectsSearch...

Event Timeline

JSDuck at doc.wikimedia.org loads fonts from google
Closed, ResolvedPublic
Actions

Related Objects
Search...