How long is too long? I really have no feel for what the official parsing logic does, but (with obviously apologies for still appearing to self-promote) my fairly simple-minded approach currently runs 3.5 seconds from the end of download to installing the highlighted text in the UI control, for two fairly large articles ("West Virginia" in both WP and EB1911), and last time I used earwig I was getting pretty comparable results. That's on my Surface 4, an Intel i5 2-core laptop. I mean, if that's significantly longer than the server, then I'll step back, but otherwise you're free to re-use the logic (I realize C# to py may be a problem).

From the for-what-it's-worth department, I have thrown together a clean-room simplified implementation of only the "URL comparison" feature in a Windows exe creatively called "Copyvios". It has limited applicability (i.e. it scratches my own personal itch so far as the exterior URL is concerned) explained in its README. It does the comparison in a few seconds at most, and the result is broadly comparable with the online tool.

@Earwig I was going to ask: Purely selfishly, how easy would it be to break out the "URL comparison" feature into a separate tool? Presumably it uses fewer resources, and (as I said, purely selfishly) it's the only feature I use.

Thanks for the efforts so far. Hope you can track it down.

It came back briefly, but it's gone again. From where I am, it connects to the server and then 504's after 3 minutes.

Looking (for the first time) at that grafana graph, and due respect to your 30% calculation: the usage reported there was spiky for the first ~9 days, but went to an almost-solid 100% about them time we noticed the timeouts.

Ah, that makes it more complex. Again, I guess there's no evidence that anyone else is encountering the API failures due to an out-of-date security infrastructure; AWB for example still uses fx 4.5 but the code must have been fixed well back, so all seems well. I know I've been heard, so you can put this on infinite backlog.

Suggest: near the top of the /sec-warning file, add an HTML comment:

Yes, an HTML comment, embedded near the top of the page text, not in the response headers. I called it an XML comment because it's in the XML format. Sorry if that was a misdirection. It probably belongs properly in a <HEAD> element (actually, so does the TITLE).

I want to dispute the closing of this because I was specifically asked by the other folks in the linked task to open this separately. Can you get together and decide how to handle it? As I said, it's probably moot but that's not for me to decide.

Closed as suggested. Sorry about the delay; I'll open another ticket although it's rapidly becoming moot. Is this the equivalent of "By Design"?

Thanks, BBlack, for the obvious thoughtful care that went into this. And, in my case, it had the desired end-result, although I had to read to the end of the page to get me started.

Oh, goodness, my thinking is muddled today. Blame a cold.

Thanks for picking this up. I assume the answer is buried deep in XmlDocument.Load(). According to the stack trace it's System.Xml.XmlTextReaderImpl.ParseEndElement() that gets upset. But you're probably right; I didn't look critically enough. The <IMG> element isn't closed.

I don't know if this is late to the game, but from the perspective of one who uses the http API: in the past 2 weeks or so, on en.wikipedia.org, a multi-user "usercontribs" query went from always returning immediately (sub-second) to always timing out. Is this change intended to fix that?

Your issue isn't really related to this task. But I suspect it'll be fixed by https://gerrit.wikimedia.org/r/c/mediawiki/core/+/461440, when that gets merged.

I was sent here from a thread in mediawiki.org API talk:Usercontribs. On the English Wikipedia, in recent days, a simple usercontribs list request with two ucusers has changed from always responding immediately (sub-second) to always timing out. Here's the actual URL I recently tried:
GET /w/api.php?action=query&format=xml&list=usercontribs&ucuser=DavidBrooks%7CDavidBrooks-AWB&uclimit=20&ucnamespace=0&ucprop=title%7Ctimestamp%7Ccomment%7Cflags&continue= HTTP/1.1

I thought that might be the case. Just wanted to be sure you were aware.

Repro steps work - thanks for the quick fix.

Confirmed: I just downloaded version 5700. When trying to switch projects, the UI says it cannot load Newtonsoft.Json, version 7.0.0.0. The version in the download zip is 6.0.8.18111.