enable raw links (configurable?)

Bug #718982 reported by John A Meinel
Affects            | Status  | Importance | Assigned to | Milestone
loggerhead         | Triaged | Low        | Unassigned  |
loggerhead-breezy  | Triaged | Low        | Unassigned  |

Bug Description

The old loggerhead trunk used 'raw' instead of 'view' as the default content link from the Inventory page.

The primary concern was XSS serving raw content.
A secondary concern is that leaving the HTML interface (with navigation, etc) should be a final step, not an expected step.

As such, it seems like Raw should be available from View (if it is enabled). It would also be possible to have 1-more icon on the Inventory page that was the raw link.

We definitely want to be able to disable this easily, because of XSS concerns. I believe beyond that:

a) Max had done some work to give every branch its own http context, so that Raw links could not be used for XSS. I won't claim to understand the details here. It might have been as simple as a different domain per branch?

b) Most small sites would not be very concerned with XSS. Loggerhead itself doesn't hold any state (no cookies, etc) so there isn't any content to be stolen via XSS. It depends on how people would integrate Loggerhead with their site that could introduce vulnerabilities from there.

Note that the original motivation for Raw was performance, because Annotate view was slow. But we now have View which is an HTML view of the content without annotations. Performance may still be slow because Pygments still does highlighting (?). If performance is still an issue, putting Raw links on inventory makes sense. Since then you can still view the content.

A further option is one more step between View and Raw, which is a view that only escapes into HTML, but does not do any highlighting, etc.

Martin Pool (mbp) wrote: Re: [Bug 718982] [NEW] enable raw links (configurable?)

On 15 February 2011 07:45, John A Meinel <email address hidden> wrote:
> A further option is one more step between View and Raw, which is a view
> that only escapes into HTML, but does not do any highlighting, etc.

I think that would be good and useful. One specific case for this is
copy-and-pasting bits of the file or the whole thing, and we should
check that works well in practice, including handling of whitespace
etc.

John A Meinel (jameinel) wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 2/14/2011 3:35 PM, Martin Pool wrote:
> On 15 February 2011 07:45, John A Meinel <email address hidden> wrote:
>> A further option is one more step between View and Raw, which is a view
>> that only escapes into HTML, but does not do any highlighting, etc.
>
> I think that would be good and useful. One specific case for this is
> copy-and-pasting bits of the file or the whole thing, and we should
> check that works well in practice, including handling of whitespace
> etc.
>

My guess is that with HTML escapes, you'll end up cutting and pasting
the escaped form, but I won't guarantee that.

John
=:->

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (Cygwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk1ZowcACgkQJdeBCYSNAAMuvQCeMrnhCnfm9ydcX+xyLHGqFBV4
/8AAoMWhHpREbhUB5CjDf2G+TUIPotGq
=Uiql
-----END PGP SIGNATURE-----

Martin Pool (mbp) wrote:

On 15 February 2011 08:47, John Arbash Meinel <email address hidden> wrote:
> My guess is that with HTML escapes, you'll end up cutting and pasting
> the escaped form, but I won't guarantee that.

No, you do get the unescaped form (assuming you don't copy from the
view-source window). However, regular Launchpad has some bugs in this
area so we need to be a bit careful.

John A Meinel (jameinel) wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 2/14/2011 3:59 PM, Martin Pool wrote:
> On 15 February 2011 08:47, John Arbash Meinel <email address hidden> wrote:
>> My guess is that with HTML escapes, you'll end up cutting and pasting
>> the escaped form, but I won't guarantee that.
>
> No, you do get the unescaped form (assuming you don't copy from the
> view-source window). However, regular Launchpad has some bugs in this
> area so we need to be a bit careful.
>

Stuff like breaking internal whitespace? (Because "+ foo" doesn't get
the internal spaces translated and HTML defaults to collapsing whitespace)

Would just wrapping the whole thing in a <pre> be sufficient?

John
=:->
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (Cygwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk1ZpokACgkQJdeBCYSNAAPxPQCfUlEEmrXzrxZg0AmEqyUZ312j
YeoAnA1pzhCUAdInIAAdmALmiP2yVfcT
=QLr0
-----END PGP SIGNATURE-----

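The two concerns raised in this report, raw links being an XSS vector and the question of whether an escape-only view wrapped in <pre> preserves whitespace, can both be shown in a small handler. This is an added example, not loggerhead's code: the `handle` dispatcher, the `raw_enabled` switch and the response headers chosen for the raw view are assumptions standing in for whatever the real application does. The escape-only view HTML-escapes the file and wraps it in <pre> so internal runs of spaces survive; the raw view is served as text/plain with sniffing disabled, so a browser will not interpret the bytes as HTML even when the file contains script.

```python
import html
from typing import Dict, Tuple

# Constructed sample file: would execute as script if served with a text/html
# content type, and contains internal whitespace that HTML would collapse.
SAMPLE_FILE = '<script>alert("xss")</script>\n+ foo   bar\n'

PAGE_TEMPLATE = (
    '<!doctype html><html><head><meta charset="utf-8">'
    "<title>{title}</title></head><body>"
    "<pre>{body}</pre></body></html>"
)

Response = Tuple[str, Dict[str, str], bytes]


def escaped_view(content: str, title: str = "view") -> str:
    """Intermediate 'escape-only' view: HTML-escape the text and wrap it in <pre>
    so the browser keeps line breaks and internal spaces, with no highlighting."""
    return PAGE_TEMPLATE.format(title=html.escape(title), body=html.escape(content))


def raw_response(content: str) -> Response:
    """Raw link: serve the bytes as plain text, never as text/html, and forbid
    content sniffing so the browser cannot decide the file 'looks like' HTML.
    (Header choices are the example's assumption, not loggerhead's.)"""
    headers = {
        "Content-Type": "text/plain; charset=utf-8",
        "X-Content-Type-Options": "nosniff",
        "Content-Disposition": 'inline; filename="raw.txt"',
    }
    return "200 OK", headers, content.encode("utf-8")


def handle(view_kind: str, content: str, raw_enabled: bool) -> Response:
    """Hypothetical dispatcher: 'view' is always available; 'raw' only when the
    operator has enabled it, matching the report's wish to disable it easily."""
    text_plain = {"Content-Type": "text/plain; charset=utf-8"}
    if view_kind == "view":
        body = escaped_view(content).encode("utf-8")
        return "200 OK", {"Content-Type": "text/html; charset=utf-8"}, body
    if view_kind == "raw":
        if not raw_enabled:
            return "404 Not Found", text_plain, b"raw links are disabled\n"
        return raw_response(content)
    return "404 Not Found", text_plain, b"unknown view\n"


if __name__ == "__main__":
    for kind, enabled in (("view", False), ("raw", True), ("raw", False)):
        status, headers, body = handle(kind, SAMPLE_FILE, enabled)
        print(kind, enabled, status, headers.get("Content-Type"))
        print(body.decode("utf-8"))
```

Copying from the rendered <pre> element gives back the unescaped text with its spacing intact, which is the behaviour Martin Pool describes; the escaped entities only appear in view-source.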
Changed in loggerhead:
status: Confirmed → Triaged
importance: Medium → High
Changed in loggerhead:
importance: High → Low
Jelmer Vernooij (jelmer)
Changed in loggerhead-breezy:
status: New → Triaged
importance: Undecided → Low