Hello,
I tried to discuss this on #wikimedia-mobile on Freenode, but nobody could explain this to me:
I'm building a website that allows the users to view Wikipedia changes correlated to rDNS names of their editors and I wanted to implement a "random mode" that allows thm to see all edits made by a given rDNS domain - the user would just press F5 and see the editor in context like this:
http://wikispy.wmflabs.org/by_rdns_random/plwiki/.gov.pl
I would definitely prefer to use the mobile version of Wikipedia though or at least Special:MobileEdit, but both disallow framing. Is there any specific reason for that? I would guess that this is for security, but I have to admit I don't know what could be gained by showing the MobileDiff in a frame.
Cheers, d33tah
On May 15, 2015 2:14 PM, "Jacek Wielemborek" d33tah@gmail.com wrote:
Hello,
I tried to discuss this on #wikimedia-mobile on Freenode, but nobody could explain this to me:
I'm building a website that allows the users to view Wikipedia changes correlated to rDNS names of their editors and I wanted to implement a "random mode" that allows thm to see all edits made by a given rDNS domain - the user would just press F5 and see the editor in context like this:
http://wikispy.wmflabs.org/by_rdns_random/plwiki/.gov.pl
I would definitely prefer to use the mobile version of Wikipedia though or at least Special:MobileEdit, but both disallow framing. Is there any specific reason for that? I would guess that this is for security, but I have to admit I don't know what could be gained by showing the MobileDiff in a frame.
We're trying to avoid various clickjacking and redressing attacks. If you prefill an edit form and position the iframe so it only shows the submit button bellow a "comment form" on your website, you can get other people to submit your vandalism.
It would be great if someone compiled the styles so that you could pull the HTML via the api and have everything look right. But I don't know if anyone has done that.
Cheers, d33tah
Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
On Fri, May 15, 2015 at 3:14 PM, Jacek Wielemborek d33tah@gmail.com wrote:
Hello,
I tried to discuss this on #wikimedia-mobile on Freenode, but nobody could explain this to me:
I'm building a website that allows the users to view Wikipedia changes correlated to rDNS names of their editors and I wanted to implement a "random mode" that allows thm to see all edits made by a given rDNS domain - the user would just press F5 and see the editor in context like this:
http://wikispy.wmflabs.org/by_rdns_random/plwiki/.gov.pl
I would definitely prefer to use the mobile version of Wikipedia though or at least Special:MobileEdit, but both disallow framing. Is there any specific reason for that? I would guess that this is for security, but I have to admit I don't know what could be gained by showing the MobileDiff in a frame.
Cheers, d33tah
Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
I don't know about normal mobile page views, but edit views are not allowed to be framed to prevent click-jacking attacks [1]
--bawolff
wikitech-l@lists.wikimedia.org