Page MenuHomePhabricator
Create Task
Maniphest T341416

MediaWiki JS documentation tries to load fonts from Google (but fails due to CSP)
Open, Needs TriagePublic
Actions

Description

At the bottom of the HTML for https://doc.wikimedia.org/mediawiki-core/master/js/ there is:

<script type="text/javascript">
(function(){
  var protocol = (document.location.protocol === "https:") ? "https:" : "http:";
  document.write("<link href='"+protocol+"//fonts.googleapis.com/css?family=Exo' rel='stylesheet' type='text/css' />");
})();
</script>

This is correctly blocked by the CSP, but should still be removed.

Related Objects

Event Timeline

taavi created this task.Jul 8 2023, 8:08 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJul 8 2023, 8:08 PM
taavi added a comment.Jul 8 2023, 8:14 PM

T213282: JSDuck at doc.wikimedia.org loads fonts from google says the CSP is a good-enough fix for this while until migrate to a better documentation generator?

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits