[Wikidata-bugs] [Maniphest] T340201: Use custom language code to find i18n XSS issues

2023-10-02 Thread sbassett
sbassett added a comment.


  In T340201#9213154, @Reedy wrote:
  
  > I'm curious how we can track issues found by this...
  >
  > Just xref this task in the description?
  
  We could subtask them under this task. Or sure, cross-ref this task within any new bug, and maybe still subtask them under T2212?

TASK DETAIL
  https://phabricator.wikimedia.org/T340201

EMAIL PREFERENCES
  https://phabricator.wikimedia.org/settings/panel/emailpreferences/

To: Lucas_Werkmeister_WMDE, sbassett
Cc: Reedy, Bawolff, Daimona, Nikerabbit, Jdforrester-WMF, Fomafix, 
Lydia_Pintscher, sbassett, jhsoby, kostajh, matmarex, bd808, Michael, Aklapper, 
Lucas_Werkmeister_WMDE, Danny_Benjafield_WMDE, Cleo_Lemoisson, Astuthiodit_1, 
karapayneWMDE, Invadibot, Dylsss, Devnull, maantietaja, ItamarWMDE, Akuckartz, 
DannyS712, Nandana, Lahi, Gq86, GoranSMilovanovic, QZanden, LawExplorer, 
_jensen, rosalieper, Scott_WUaS, Wong128hk, Luke081515, Wikidata-bugs, aude, 
Grunny, csteipp, Mbch331, Jay8g, Krenair, Legoktm
___
Wikidata-bugs mailing list -- wikidata-bugs@lists.wikimedia.org
To unsubscribe send an email to wikidata-bugs-le...@lists.wikimedia.org


[Wikidata-bugs] [Maniphest] T340201: Use custom language code to find i18n XSS issues

2023-09-30 Thread Reedy
Reedy added a comment.


  I'm curious how we can track issues found by this...
  
  Just xref this task in the description?



[Wikidata-bugs] [Maniphest] T340201: Use custom language code to find i18n XSS issues

2023-09-30 Thread Bawolff
Bawolff added a comment.


  Creating T347787 to brainstorm ideas about the Pager class hierarchy. I didn't create a brainstorming one for LogFormatter, as that case seems pretty hopeless.



[Wikidata-bugs] [Maniphest] T340201: Use custom language code to find i18n XSS issues

2023-09-29 Thread Daimona
Daimona added a comment.


  In T340201#9211976, @Bawolff wrote:
  
  > - mustache templates
  
  Yup, that would be T199397. I'm not sure how feasible that would be.
  
  > Maybe we should think about how to either refactor these code patterns so we can use phan-taint-check on them, or think of ways of making phan taint check better.
  
  +1, always happy to hear suggestions on how to make taint-check more useful.



[Wikidata-bugs] [Maniphest] T340201: Use custom language code to find i18n XSS issues

2023-09-29 Thread Bawolff
Bawolff added a comment.


  This also seems to be really demonstrating the value of phan taint check. So far it seems like most of the found issues are in some corner that phan-taint-check can't analyze:
  
  - mustache templates (+ some skin stuff which I didn't look too closely at. Not sure if this is purely due to mustache or if there are additional complications)
  - LogFormatter subclasses
  - Pager class hierarchy.
  
  [There's some other one-off things that I think would be more straightforward to add to phan-taint-check]
  
  Maybe we should think about how to either refactor these code patterns so we can use phan-taint-check on them, or think of ways of making phan taint check better.



[Wikidata-bugs] [Maniphest] T340201: Use custom language code to find i18n XSS issues

2023-09-29 Thread Maintenance_bot
Maintenance_bot added a project: Wikidata.
