Closed
Bug 871669
Opened 11 years ago
Closed 10 years ago
install "RSS" extension on wiki.mozilla.org
Categories
(Infrastructure & Operations :: IT-Managed Tools, task)
Infrastructure & Operations
IT-Managed Tools
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: Gavin, Assigned: nmaul)
Details
http://www.mediawiki.org/wiki/Extension:RSS
This would be useful for incorporating status updates from http://benjamin.smedbergs.us/weekly-updates.fcgi/ into weekly meeting notes.
Reporter | ||
Comment 1•11 years ago
|
||
jakem, is this something your team can help with? Do I need to file a secreview bug?
Flags: needinfo?(nmaul)
Comment 2•11 years ago
|
||
I would get a secreview. Wikimedia uses this on the Foundation wiki, but it has restricted access.
Reporter | ||
Updated•11 years ago
|
Flags: sec-review?
Comment 3•11 years ago
|
||
requesting sec-review from Yvan for now so this doesn't get lost. A recent bugzilla change broke our queries and the needinfo request is effectively hiding this bug (see bug 828344 comment 72)
Flags: sec-review? → sec-review?(yboily)
Assignee | ||
Comment 4•11 years ago
|
||
I have no concerns about this apart from sec-review. Seems like it'd be easy to install.
The sec-review flag should be sufficient for starters. They'll tell us if they want a separate bug. Usually seems to depend on how trivial the thing being reviewed is. This plugin doesn't seem *too* complicated...
Flags: needinfo?(nmaul)
Updated•11 years ago
|
Flags: sec-review?(yboily) → sec-review?(sarentz)
Comment 5•11 years ago
|
||
My only concern are these two config options:
$wgRSSAllowLinkTag
$wgRSSAllowImageTag
When set to true, they will allow <A> and <IMG> tags in article bodies. I am not concerned about links and images but they do not seem to filter out HREF and SRC attributes that point to javascript: sources.
I'll dig a little deeper. Should have an answer tomorrow.
Comment 6•11 years ago
|
||
Ok so Mediawiki does have a Tag and Attribute sanitizer and they do filter out Javascript, also on content of RSS feeds.
I think the risk for this plugin is low, but I would recommend to use the $wgRSSUrlWhitelist setting to limit the RSS feeds to ones we know and trust.
So looks good, go ahead.
Flags: sec-review?(sarentz) → sec-review+
Reporter | ||
Comment 7•11 years ago
|
||
I don't know how the whitelist works exactly, but I am most interested in including RSS feeds from http://benjamin.smedbergs.us/weekly-updates.fcgi/.
Reporter | ||
Updated•11 years ago
|
Assignee: nobody → nmaul
Assignee | ||
Comment 8•11 years ago
|
||
Moving to the proper component so we can get this installed! :)
Assignee: nmaul → server-ops-webops
Component: wiki.mozilla.org → WebOps: IT-Managed Tools
Product: Websites → Infrastructure & Operations
QA Contact: nmaul
Version: unspecified → other
Assignee | ||
Comment 9•10 years ago
|
||
Sorry for the very long delay.
I've rolled this out on wiki-dev.allizom.org and wiki.allizom.org. Would you care to confirm that it's working and nothing seems horribly broken? (that is, nothing that wasn't already broken anyway!)
If this looks good, it's an easy deploy to production.
Assignee: server-ops-webops → nmaul
Reporter | ||
Comment 10•10 years ago
|
||
Wow, thanks. I'm getting:
Extension:RSS -- Error: "http://benjamin.smedbergs.us/weekly-updates.fcgi/project/firefox/feed" is not in the whitelist of allowed feeds. There are no allowed feed URLs in the whitelist.
on wiki.allizom.org
Can you adjust wgRSSUrlWhitelist to include benjamin.smedbergs.us? I'm not sure what form the whitelist takes...
Reporter | ||
Comment 11•10 years ago
|
||
https://wiki.allizom.org/User:GavinSharp/Dashboard is where I was testing this.
Assignee | ||
Comment 12•10 years ago
|
||
Ah! I didn't realize it used an allow/deny list. Sure... done.
Sadly, it appears that his feed is an Atom feed, not an RSS one. Compare:
https://wiki.allizom.org/User:Stagetest
https://wiki.allizom.org/User:GavinSharp/Dashboard
The former uses http://blog.wikimedia.org/feed/ and https://blog.mozilla.org/feed/, which are both RSS feeds. All 3 feeds render similarly in Firefox, but bsmedberg's renders very poorly on wikimo using this extension.
Next step for that particular feed might be to reach out to him to see if there's a usable RSS feed, or if one could be worked up. Failing that, finding a similar extension that can render Atom feeds (after a cursory search, I haven't found anything obvious). Failing that, there are libraries and/or services that purport to convert an Atom feed into RSS... I have no idea what sort of risk that might pose or how complicated they would be to set up (I tried the free one at http://devtacular.com/utilities/atomtorss/, and the RSS extension balks at the generated XML).
Assignee | ||
Comment 13•10 years ago
|
||
I've deployed this to production and populated the whitelist with a handful of obvious Mozilla feeds (including bsmedberg's, even though it's an Atom feed and doesn't render properly).
Sorry the feed you wanted didn't work out. If we can come up with another possibility (a similar extension for Atom feeds, or a conversion, or a new link to an RSS feed), please re-open this or file a new bug as appropriate. Thanks!
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•