https://bugzilla.wikimedia.org/show_bug.cgi?id=58478
Bawolff (Brian Wolff) bawolff...@gmail.com changed:
What|Removed |Added
Blocks||61924
--
https://bugzilla.wikimedia.org/show_bug.cgi?id=58478
Bawolff (Brian Wolff) bawolff...@gmail.com changed:
What|Removed |Added
CC|
https://bugzilla.wikimedia.org/show_bug.cgi?id=58478
--- Comment #4 from Michael Dale md...@wikimedia.org ---
Within kaltura proper we do sandbox the player in an iframe, but we still make
use of parent javascript access for synchronous api ( postMessage is
asynchronous ) Also HTML fullscreen on
https://bugzilla.wikimedia.org/show_bug.cgi?id=58478
--- Comment #5 from Bawolff (Brian Wolff) bawolff...@gmail.com ---
(In reply to comment #4)
Within kaltura proper we do sandbox the player in an iframe, but we still
make
use of parent javascript access for synchronous api ( postMessage is
https://bugzilla.wikimedia.org/show_bug.cgi?id=58478
--- Comment #2 from Tisza Gergő gti...@wikimedia.org ---
Using iframes would also decrease our attack surface significantly, if we use a
separate domain for them. Plus it would make it simple to treat local and
external files in a uniform way.
https://bugzilla.wikimedia.org/show_bug.cgi?id=58478
--- Comment #1 from Brion Vibber br...@wikimedia.org ---
A couple possible scenarios:
1) Always load just enough code to check for if you need to do runtime JS
transformations
In this scenario, every page that can show wikitext should have at
https://bugzilla.wikimedia.org/show_bug.cgi?id=58478
Siebrand Mazeland s.mazel...@xs4all.nl changed:
What|Removed |Added
CC|
https://bugzilla.wikimedia.org/show_bug.cgi?id=58478
Andre Klapper aklap...@wikimedia.org changed:
What|Removed |Added
Priority|Unprioritized |Low