Re: [Wikitech-l] Refactoring MonoBook

2018-03-17 Thread K. Peachey
On 18 March 2018 at 10:56, Isarra Yos wrote: > > There are also some problems that need addressing down the road: that I'm > not sure how safe it is for caching and the like to just go moving > images/css files around willy-nilly, that there are no 'standard' skin > practices

Re: [Wikitech-l] Refactoring MonoBook

2018-03-17 Thread Isarra Yos
I have just been informed that Modern works by extending MonoBookTemplate. This is a problem. -I On 18/03/18 00:56, Isarra Yos wrote: I'm refactoring MonoBook, starting with MonoBookTemplate. The current change gets rid of the entire immediate print/html soup approach and instead assembles a

[Wikitech-l] Refactoring MonoBook

2018-03-17 Thread Isarra Yos
I'm refactoring MonoBook, starting with MonoBookTemplate. The current change gets rid of the entire immediate print/html soup approach and instead assembles a giant string and prints that in one statement at the end. See: https://gerrit.wikimedia.org/r/#/c/420154/ and

Re: [Wikitech-l] What ways are there to include user-edited JavaScript in a wiki page? (threat model: crypto miners)

2018-03-17 Thread Alex Monk
On Sat, 17 Mar 2018, 18:16 Chico Venancio, wrote: > Alex Monk wrote: > I don't think the communities actually want js injected without code-review > that much. They (we) do want to have easy access to gadget and scripts > though. > Attempting to impose any procedure

Re: [Wikitech-l] What ways are there to include user-edited JavaScript in a wiki page? (threat model: crypto miners)

2018-03-17 Thread Chico Venancio
Pine wrote: > I hope that there is way that these suggestions are being tracked but I > don't see a public task for this on the Security workboard, possibly to > avoid announcing vulnerabilities in public until they have been assessed. There is the https://phabricator.wikimedia.org/T71445 that

Re: [Wikitech-l] What ways are there to include user-edited JavaScript in a wiki page? (threat model: crypto miners)

2018-03-17 Thread Alex Monk
You'd have to stop stewards from loading site-wide JS, gadgets, as well as removing their ability to have their user JS from pulling in JS from other sites/users/etc. somehow. Trying to restrict it would probably lead to a backlash from communities that would make superprotect look like a joke. I

Re: [Wikitech-l] What ways are there to include user-edited JavaScript in a wiki page? (threat model: crypto miners)

2018-03-17 Thread Pine W
Musikanimal, that sounds like a good suggestion to add to Phabricator. I hope that there is way that these suggestions are being tracked but I don't see a public task for this on the Security workboard, possibly to avoid announcing vulnerabilities in public until they have been assessed. Unless