One thing that comes to mind is that CentralNotice is dependent on JS. Blacklisting browsers means they won't see CentralNotice banners at all.
This isn't really a big concern for Fundraising: it's a small percentage of views, and not having to support these browsers in our increasingly sophisticated banners is probably a blessing. However I wonder about other uses of CentralNotice e.g. letting people know about the recent Privacy Policy and Terms of Use changes. Where we not only want to reach as many users as possible, but may also have legal obligations to.
I'm not really sure how big an issue this is, or how to solve it.
On 6 August 2014 19:52, Erik Moeller erik@wikimedia.org wrote:
Following up on disabling JavaScript support for IE6 [1], here is some additional research on other browsers. I'd appreciate if people with experience testing/developing for/with these browsers would jump in with additional observations. I think we should wait with adding other browsers to the blacklist until the IE6 change has been rolled out, which may expose unanticipated consequences (it already exposed that Common.js causes errors in blacklisted browsers, which should be fixed once [2] is reviewed and merged).
As a reminder, the current blacklist is in <resources/src/startup.js>.
As a quick test, I tested basic browsing/editing operation on English Wikipedia with various browsers. Negative results don't necessarily indicate that we should disable JS support for these browsers, but they do indicate the quality of testing that currently occurs for those browsers. Based on a combination of test results, unpatched vulnerabilities and usage share, an initial recommendation for each browser follows.
Note that due to the heavy customization through gadgets/site scripts, there are often site-specific issues which may not be uncovered through naive testing.
== Microsoft Internet Explorer 7.x ==
Last release in series: April 2009
- Browsing: Most pages work fine (some styling issues), but pages with
audio files cause JavaScript errors (problem in TMH).
- Editing: Throws JS error immediately (problem in RefToolbar)
Both of these errors don't occur in IE8.
Security vulnerabilities:
Secunia reports 15 out of 87 vulnerabilities as unpatched, with the most serious one being rated as "moderately critical" (which is the same as IE6, while the most serious IE8 vulnerability is rated "less critical").
Usage: <1%
Recommendation: Add to blacklist
== Opera 8.x ==
Last release in series: September 2005
Browsing/editing: Works fine, but all JS fails due to a script execution error (which at least doesn't cause a pop-up).
Security: Secunia reports 0 unpatched vulnerabilities (out of 26).
Usage: <0.25%
Recommendation: Add to blacklist
== Opera 10.x-12.x ==
Last release in series: April 2014
Browsing/editing: Works fine, including advanced features like MediaViewer (except for 10.x)
Security: No unpatched vulnerabilities in 12.x series according to Secunia, 2 unpatched vulnerabilities in 11.x ("less critical") and 1 unpatched vulnerability in 10.x ("moderately critical")
Usage: <1%
Recommendation: Maintain basic JS support, but monitor situation re: 10.x and add that series to blacklist if maintenance cost too high
== Firefox 3.6.* ==
Last release in series: March 2012
Browsing/editing: Works fine (MediaViewer disables itself)
Security: 0 unpatched vulnerabilities according to Secunia
Recommendation: Maintain basic JS support
== Firefox 3.5.* ==
Last release in series: April 2011
Browsing/editing: Works fine (MediaViewer disables itself)
Security: 0 unpatched vulnerabilities according to Secunia
Recommendation: Maintain basic JS support
== Safari 4.x ==
Last release in series: November 2010
Browsing/editing: Works fine
Security: 1 unpatched "highly critical" vulnerability according to Secunia ("exposure of sensitive information")
Recommendation: Maintain basic JS support, but monitor
== Safari 3.x ==
Last release in series: May 2009
Browsing/editing: Completely messed up, looks like CSS doesn't get loaded at all
Security: 2 unpatched vulnerabilities, "highly critical"
Usage share: Usage reports for Safari in [3] are broken, all Safari versions are reported as "0.0". However, [4] suggests that Safari 3 usage is negligible/non-existent.
Recommendation: Styling issue may be worth investigating in case it affects other browsers and/or is JS-caused. Otherwise probably can be safely ignored.
[1] http://lists.wikimedia.org/pipermail/wikitech-l/2014-August/077952.html [2] https://gerrit.wikimedia.org/r/#/c/152122/ [3] http://stats.wikimedia.org/wikimedia/squids/SquidReportClients.htm [4] http://stackoverflow.com/questions/12655363/what-is-the-most-old-safari-vers... -- Erik Möller VP of Engineering and Product Development, Wikimedia Foundation
Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l