Page MenuHomePhabricator
Create Task
Maniphest T346292

Test the sandboxed Graph extension on the beta cluster
Closed, DeclinedPublic
Actions

Description

This task involves the work of testing the sandboxed Graph extension (T222807: Sandbox Graph extension into an iframe) on the beta cluster.

Doing so, we think, will afford volunteers the space they need to:

  1. Experiment with, and subsequently, become familiar with the sandboxed approach
  2. Identify adjustments that may make the extension more robust
  3. Learn how current graphs may need to be updated to be compatible with the sandboxing approach

Open questions

  • 1. What value could lie in investing in enabling volunteers to sandbox arbitrary Javascript?
    • It would make it easier to look for security holes in the sandboxing approach: you wouldn't have to find a security hole in the sandboxing and in Vega at the same time to demonstrate an exploit. via T346292#9165470
  • 2. Will we prioritize implementing what "1." describes now?

Related Objects
Search...

Event Timeline

ppelberg created this task.Sep 14 2023, 12:45 AM
Tgr renamed this task from Deploy the sandboxed Graph extension on the beta cluster to Test the sandboxed Graph extension on the beta cluster.Sep 14 2023, 4:53 AM
Tgr updated the task description. (Show Details)
  1. What value could lie in investing in enabling volunteers to sandbox arbitrary Javascript?

It would make it easier to look for security holes in the sandboxing approach: you wouldn't have to find a security hole in the sandboxing and in Vega at the same time to demonstrate an exploit.

Base subscribed.Sep 14 2023, 9:25 AM
ppelberg updated the task description. (Show Details)Sep 14 2023, 4:42 PM
Rasputin1493 subscribed.Sep 14 2023, 6:00 PM
Tgr added a parent task: T222807: Sandbox Graph extension into an iframe.Sep 15 2023, 10:37 AM
Bugreporter closed this task as Declined.Apr 11 2024, 1:49 PM
Bugreporter subscribed.

Per T334940#9705555

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits