Just for the record, which security issues would this be fixing?
*-- * *Tyler Romeo* Stevens Institute of Technology, Class of 2016 Major in Computer Science www.whizkidztech.com | tylerromeo@gmail.com
On Tue, Jun 11, 2013 at 8:39 PM, Jon Robson jdlrobson@gmail.com wrote:
Many of you on the mailing list should be aware of the troubles that the style attribute brings to mobile [1,2] and the amount of hacks [3] that we have to introduce to work around them.
I still truly believe the only way we can resolve this is a long term rethink of how we approach custom styling on wiki. I have also heard from Chris Steipp that there are security implications with allowing inline styles which such a move would address.
I have submitted a patch [4] (mostly to share ideas and prompt discussion - before you pounce on it be aware I have -2ed it to allow discussion on whether there is a better way to do this - for instance it might be worthy of a new namespace, it might need more protection etc.. ).
All the patch does is allow Template:Foo to have an associated stylesheet Template:Foo.css which is included in pages that use it.
So if the San Francisco article uses templates Foo, Bar and Baz, a style tag will be constructed from the content of Template:Foo.css, Template:Bar.css and Template:Bar.css and inserted into the page. When the templates change the entire page San Francisco is changed and thus the new styling is applied.
This would reduce the need for css hacks in mobile and keep power in editors hands.
On the assumption that this patch makes it into core in some form that in future the mobile site can strip any style attributes from content and use the template css files instead and thus benefit from the ability to use media queries. This could be a long tedious process but I think it needs to be done.
Thanks in advance for your discussion and thoughts around this long standing issue! ~Jon
[1] https://www.mediawiki.org/wiki/Requests_for_comment/Deprecating_inline_style... [2] https://bugzilla.wikimedia.org/show_bug.cgi?id=35704 [3] https://github.com/wikimedia/mediawiki-extensions-MobileFrontend/blob/master... [4] https://gerrit.wikimedia.org/r/68123
Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l