Well the answer is right there in what you posted.
No script took the url for
File:Commodore_Grace_M._Hopper,_USN_(covered).jpg and replaced the
brackets with spaces. (%28 and %29 or '(' and ')' respectively. %20
means <space>)
If you want to be able to look at images with brackets in their names,
I guess you'll have to disable the noscript extension, which seems to
think its a good idea to replace brackets with spaces, in some
misguided attempt to reduce the likelyhood of an XSS.
--
-Bawolff
On 10/25/15, Pine W <wiki.pine(a)gmail.com> wrote:
*Here is the 404:*
"404 Not Found
The resource could not be found.
File not found: /v1/AUTH_mw/
wikipedia-commons-local-public.ad/a/ad/Commodore_Grace_M._Hopper,_USN_%20covered%20.jpg
"
*Below is the log from the browser console. It looks like Noscript thinks
that going from
commons.wikimedia.org <http://commons.wikimedia.org> to
upload.wikimedia.org <http://upload.wikimedia.org> involves an untrusted
XSS. I can tell Noscript to do what it considers to be an unsafe reload and
it will then load the image properly.*
NS_ERROR_FAILURE: Component returned failure code: 0x80004005
(NS_ERROR_FAILURE) [nsIWebProgress.addProgressListener] browser.xml:546:0
[NoScript InjectionChecker] JavaScript Injection in
///wikipedia/commons/a/ad/Commodore_Grace_M._Hopper,_USN_(covered).jpg
(function anonymous() {
wikipedia/commons/a/ad/Commodore_Grace_M._Hopper,_USN_(covered).jpg /*
COMMENT_TERMINATOR */
DUMMY_EXPR
})
[NoScript InjectionChecker] JavaScript Injection in
///wiki/File:Commodore_Grace_M._Hopper,_USN_(covered).jpg
(function anonymous() {
File:Commodore_Grace_M._Hopper,_USN_(covered).jpg /* COMMENT_TERMINATOR */
DUMMY_EXPR
})
[NoScript XSS] Sanitized suspicious request referer. URL [
https://upload.wikimedia.org/wikipedia/commons/a/ad/Commodore_Grace_M._Hopp…
(REF:
https://commons.wikimedia.org/wiki/File:Commodore_Grace_M._Hopper,_USN_(cov…)]
requested from [
https://commons.wikimedia.org/wiki/File:Commodore_Grace_M._Hopper,_USN_(cov…].
Sanitized Referrer: [
https://commons.wikimedia.org/wiki/File:Commodore_Grace_M._Hopper,_USN_%20c…
].
[NoScript XSS] Sanitized suspicious request. Original URL [
https://upload.wikimedia.org/wikipedia/commons/a/ad/Commodore_Grace_M._Hopp…]
requested from [
https://commons.wikimedia.org/wiki/File:Commodore_Grace_M._Hopper,_USN_(cov…].
Sanitized URL: [
https://upload.wikimedia.org/wikipedia/commons/a/ad/Commodore_Grace_M._Hopp…
].
[NoScript HTTPS] AUTOMATIC SECURE on
https://upload.wikimedia.org:
WMF-Last-Access=25-Oct-2015;
domain=upload.wikimedia.org; path=/; HttpOnly;
Secure
TypeError: self.urlTooltipLabel is undefined
*Pine*
On Sun, Oct 25, 2015 at 12:01 PM, Brian Wolff <bawolff(a)gmail.com> wrote:
On 10/24/15, Pine W <wiki.pine(a)gmail.com>
wrote:
When I right-click on the image download link
for
File:Commodore_Grace_M._Hopper,_USN_(covered).jpg the download I get is
only 269 bytes and it contains a 404 error in plaintext even though it's
a
jpg file.
When I click on the image preview that's 480x600 pixels, I get an XSS
warning from Noscript.
All other images download ok for me.
Any knowledge of what the issue is with this one file?
Thanks,
Pine
_______________________________________________
Wikitech-l mailing list
Wikitech-l(a)lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
I have a vauge memory of hearing a similar report once before but I
can't find any report about it. Something about noscript not liking
brackets in image urls, especially when using media viewer, and
redirecting the url to something invalid. (Which if true, is
ultimately noscript's fault for being stupid)
Can you include the exact text of the 404 message (Most importantly,
is it one of ours), and verify the precise url you're downloading to
make sure noscript hasn't messed with it?
--
-bawolff
_______________________________________________
Wikitech-l mailing list
Wikitech-l(a)lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
_______________________________________________
Wikitech-l mailing list
Wikitech-l(a)lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l