Confirmed users
19
edits
Webpagemakerapi: Difference between revisions
Jump to navigation
Jump to search
no edit summary
No edit summary |
No edit summary |
||
| Line 6: | Line 6: | ||
|'''Projected Freeze Date:''' || <Placeholder> | |'''Projected Freeze Date:''' || <Placeholder> | ||
|- | |- | ||
|'''Product Champions:''' || [ | |'''Product Champions:''' || [https://mozillians.org/simonwex Simon Wex], [[User:davida|David Ascher]] | ||
|- | |- | ||
|'''Privacy Champions:''' || | |'''Privacy Champions:''' || | ||
| Line 64: | Line 64: | ||
== Stored Data == | == Stored Data == | ||
End-user created HTML documents are stored in MySQL. | |||
{| class="wikitable" | {| class="wikitable" | ||
|- | |- | ||
! | ! Risk | ||
! | ! Mitigation Strategy | ||
|- | |||
| Copyrighted work can be stored and distributed through the API | |||
| | |||
* Documents will require DOCTYPE definitions and syntactically correct HTML | |||
* Documents will be limited to 10,000 characters | |||
|- | |||
| Documents hosted via the API could be used as link farms | |||
| | |||
* nofollow attributes will be inserted in all "a" tags via Bleach | |||
|- | |||
| Javascript could be used in a multitude of ways to compromise client machines | |||
| | |||
* All Javascript will be stripped using Bleach before it is served | |||
|- | |- | ||
| | | Database insertion could be used as a DOS attack vector | ||
| | | | ||
* Rate limiting will be implemented along with above size limitations | |||
|} | |} | ||