[MediaWiki-commits] [Gerrit] renderer.article: Ignore thumbnail if the URL has suspicious ... - change (mediawiki...Popups)

2015-03-26 Thread jenkins-bot (Code Review)
jenkins-bot has submitted this change and it was merged.

Change subject: renderer.article: Ignore thumbnail if the URL has suspicious 
characters
..


renderer.article: Ignore thumbnail if the URL has suspicious characters

If the URL of the thumbnail has suspicious characters like ',  or \
return a span instead of trying to render a thumbnail.

Bug: T88171
Change-Id: Ide052ea2a7de166599d077a385a6e788bfa63302
---
M resources/ext.popups.renderer.article.js
1 file changed, 9 insertions(+), 2 deletions(-)

Approvals:
  CSteipp: Looks good to me, but someone else must approve
  Werdna: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/resources/ext.popups.renderer.article.js 
b/resources/ext.popups.renderer.article.js
index 728606b..0204577 100644
--- a/resources/ext.popups.renderer.article.js
+++ b/resources/ext.popups.renderer.article.js
@@ -249,11 +249,18 @@
var svg = mw.popups.supportsSVG;
 
if (
-   !thumbnail || // No thumbnail
+   // No thumbnail
+   !thumbnail ||
// Image too small for landscape display
( !tall  thumbnail.width  
article.SIZES.landscapeImage.w ) ||
// Image too small for protrait display
-   ( tall  thumbnail.height  
article.SIZES.portraitImage.h )
+   ( tall  thumbnail.height  
article.SIZES.portraitImage.h ) ||
+   // These characters in URL that could inject CSS and 
thus JS
+   (
+   thumbnail.source.indexOf( '\\' )  -1 ||
+   thumbnail.source.indexOf( '\'' )  -1 ||
+   thumbnail.source.indexOf( '\' )  -1
+   )
) {
return $( 'span' );
}
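
Review bot: The `thumbnail.source.indexOf( ... )` block added at the end of the condition is a denylist of three characters, and its comment ("These characters in URL that could inject CSS and thus JS") does not say where `thumbnail.source` is written into CSS or why these three characters are sufficient. Whether the list is complete depends on how the URL is quoted at the point of use, which is outside this hunk; inside an unquoted `url()` a `)`, whitespace or a newline also ends or breaks the token. Suggest escaping or encoding the URL where it is placed into the style, or accepting only sources that match the expected thumbnail URL pattern, and keeping this check as a second layer. The change touches one file and adds no test; a case with a quote or backslash in `thumbnail.source` would pin the behaviour.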

-- 
To view, visit https://gerrit.wikimedia.org/r/199211
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: Ide052ea2a7de166599d077a385a6e788bfa63302
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/Popups
Gerrit-Branch: master
Gerrit-Owner: Prtksxna psax...@wikimedia.org
Gerrit-Reviewer: CSteipp cste...@wikimedia.org
Gerrit-Reviewer: Prtksxna psax...@wikimedia.org
Gerrit-Reviewer: Werdna agarr...@wikimedia.org
Gerrit-Reviewer: jenkins-bot 

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits


[MediaWiki-commits] [Gerrit] renderer.article: Ignore thumbnail if the URL has suspicious ... - change (mediawiki...Popups)

2015-03-24 Thread Prtksxna (Code Review)
Prtksxna has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/199211

Change subject: renderer.article: Ignore thumbnail if the URL has suspicious 
characters
..

renderer.article: Ignore thumbnail if the URL has suspicious characters

If the URL of the thumbnail has suspicious characters like ',  or \
return a span instead of trying to render a thumbnail.

Bug: T88171
Change-Id: Ide052ea2a7de166599d077a385a6e788bfa63302
---
M resources/ext.popups.renderer.article.js
1 file changed, 9 insertions(+), 2 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/Popups 
refs/changes/11/199211/1

diff --git a/resources/ext.popups.renderer.article.js 
b/resources/ext.popups.renderer.article.js
index 728606b..0204577 100644
--- a/resources/ext.popups.renderer.article.js
+++ b/resources/ext.popups.renderer.article.js
@@ -249,11 +249,18 @@
var svg = mw.popups.supportsSVG;
 
if (
-   !thumbnail || // No thumbnail
+   // No thumbnail
+   !thumbnail ||
// Image too small for landscape display
( !tall  thumbnail.width  
article.SIZES.landscapeImage.w ) ||
// Image too small for protrait display
-   ( tall  thumbnail.height  
article.SIZES.portraitImage.h )
+   ( tall  thumbnail.height  
article.SIZES.portraitImage.h ) ||
+   // These characters in URL that could inject CSS and 
thus JS
+   (
+   thumbnail.source.indexOf( '\\' )  -1 ||
+   thumbnail.source.indexOf( '\'' )  -1 ||
+   thumbnail.source.indexOf( '\' )  -1
+   )
) {
return $( 'span' );
}
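
Review bot: The URL test is appended to the same `if` as the "No thumbnail" and size conditions, so a rejected source returns the same `$( 'span' )` as a missing or too-small image and nothing records that a suspicious URL was seen. Suggest moving the three `indexOf` tests into a small named helper whose comment states the threat, and logging when it rejects, so the security check is easy to find and its hits are visible. The context comment "Image too small for protrait display" has a typo ("portrait") that could be fixed while this condition is being edited.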

-- 
To view, visit https://gerrit.wikimedia.org/r/199211
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: Ide052ea2a7de166599d077a385a6e788bfa63302
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/Popups
Gerrit-Branch: master
Gerrit-Owner: Prtksxna psax...@wikimedia.org
