Closed Bug 1127705 Opened 7 years ago Closed 4 years ago

Please add Ohloh Widget

Categories

(Websites :: wiki.mozilla.org, defect)

x86_64
Windows 8.1
defect
Not set
normal

Tracking

(Not tracked)

RESOLVED WONTFIX

People

(Reporter: Callek, Unassigned)

Details

(Whiteboard: [featurerequest] [widget])

Can you tell us a bit more about why you're requesting this widget? A brief use case or user story would suffice.
Flags: needinfo?(bugspam.Callek)
Whiteboard: [featurerequest] [widget]
My thought on this would be so we can show some status/info on a page like:

https://wiki.mozilla.org/ReleaseEngineering/Repositories/tooltool
or
https://wiki.mozilla.org/ReleaseEngineering/Repositories/buildbot-configs

from the Ohloh pages.

I'm one of the ohloh admins for "Mozilla" and am a fan of lots of their community/project tracking (though github also has a lot of similar features for all that stuff, so might be a good addition/alternative)

That said, ohloh (openhub.net) has over the years been pretty darn slow on occassion, including bouts of "under heavy load"/"maintenance". (like it is right now, so I can't pull up an example or two of these for mozilla projects)

So we should ensure the code for this widget cannot hard-block any wiki things, like overall page load.
Flags: needinfo?(bugspam.Callek)
Flags: needinfo?(ckoehler)
I've installed this on our dev wiki. However, it loads third-party javascript, which is not generally allowed by Mozilla policy unless we have a specific relationship with the vendor/site. I'm working on getting more details about this since it's just something I can recall and I don't know if it's documented anywhere.

Looking at the javascript, all it seems to do is generate an iframe with the appropriate widget html. We might be able to reproduce this without having to include the third-party javascript.
Flags: needinfo?(ckoehler)
(In reply to Christie Koehler [:ckoehler] from comment #3)
> Looking at the javascript, all it seems to do is generate an iframe with the
> appropriate widget html. We might be able to reproduce this without having
> to include the third-party javascript.

If thats all it does I can help own doing the not-3rd-party JS, imo even if there is not a specific policy on it, should it not be needed I'd like to avoid it (from a sec POV) since it makes it far easier to do cross-origin or cookie-origin based attacks.
Status: NEW → RESOLVED
Closed: 4 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.