On Sun, Nov 30, 2008 at 01:16:21AM +0100, Angel Herráez wrote: > On 30 Nov 2008 at 9:48, Brian Salter-Duke wrote: > > That is great news. Thanks, Henry. My page on the Jmol wiki is now > > working and I have something I can point the wikipedia tech folks to so > > that they can look at Jmol. > Brian, I'm quite surprised that your page has started to work NOW. > Unless Nico has updated the Wiki without saying a word, what I > updated earlier this evening was the php file in the Jmol SVN pages. I > would not expect that to affect the Wiki automatically. > > > The question of security still remains. Has > > this been addresed by anyone? Does anyone on this list think it is an > > issue?
> A recent addition to the Wiki questions security on the basis that any > javascript can be run from Jmol script. I'm not sure, though, what > security issues that raises. > See > http://wiki.jmol.org:81/index.php/User:Ilmari_Karonen/JS_injection_demo > > The latest post in the Talk page > http://wiki.jmol.org:81/index.php/User_talk:Ilmari_Karonen/JS_injection_demo > sounds very threatening, but I don't understand it fully. It may, > however, be a big obstacle for Wikipedia adoption. Discussion has been going on at both:- Wikimedia Commons Discussion List <[EMAIL PROTECTED]> and Wikimedia developers <[EMAIL PROTECTED]> This discussion may illustrate the problem:- [Post to commons list] See https://bugzilla.wikimedia.org/show_bug.cgi?id=16491 That users can embed javascript is not acceptable to run it on Wikipedia. Other parameters, like urlContents or signed wouldn't be used but at least they can be disabled. [Me] I am afraid this is all beyond my expertise. Are you saying that there is no way Jmol can ever be used on WMF projects? [Reply from someone else] There is, as soon as the Javascript embedding possibility gets disabled and the extension gets a proper review (TM). This link:- https://bugzilla.wikimedia.org/show_bug.cgi?id=16491 mentioned there is interesting but the question of the CML extension is getting confused with the Jmol extension as both were mentioned in the original post on the Commons list. While Jmol on wikipedia would be great, I would really like it on wikiversity to illustrate some teeaching materials I have started to put there. Brian. -- "If people are good only because they fear punishment, and hope for reward, then we are a sorry lot indeed." -- Albert Einstein Brian Salter-Duke (Brian Duke) Email: b_duke(AT)bigpond(DOT)net(DOT)au ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/ _______________________________________________ Jmol-users mailing list Jmol-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jmol-users
