Page MenuHomePhabricator
Create Task
Maniphest T220566

Notification on invisible content in edit summary
Open, Needs TriagePublic
Actions

Description

Since we can now notify people by quoting them in the edit summaries, it is now possible to exploit the fact that notification only require to point to a username using a link which content could be a space or an invisible char.

In the contrary to the notifications made "on page", notifications wikicode in the summary is not easily readable and it makes this trick less likely to be found.

This could be an issue and misused to hide notifications in an harassing or canvassing process for example.

Examples :

Event Timeline

OldUser02 created this task.Apr 9 2019, 11:17 PM
Restricted Application added a project: Growth-Team. · View Herald TranscriptApr 9 2019, 11:17 PM
Restricted Application added subscribers: MGChecker, Aklapper. · View Herald Transcript
OldUser02 updated the task description. (Show Details)Apr 9 2019, 11:17 PM
Ammarpad subscribed.Apr 10 2019, 7:41 AM
Niharika subscribed.EditedMay 8 2019, 7:03 PM

@Scoopfinder The examples you list are not for user notifications, are they? I might be missing the context in the translation.

EDIT: Never mind, I see what you mean! Thanks for flagging this issue for us.

JTannerWMF moved this task from Inbox to External on the Growth-Team board.May 8 2019, 7:07 PM
OldUser02 updated the task description. (Show Details)May 9 2019, 9:05 AM
OldUser01 subscribed.Feb 1 2020, 1:15 PM
MBinder_WMF added a project: Growth-Team-Filtering.Apr 15 2021, 6:51 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL