Open Bug 1449026 Opened 7 years ago Updated 7 years ago

Infosec review of third party code (js) for use on www.mozilla.org

Categories

(mozilla.org :: Security Assurance: Review Request, task)

Product:
mozilla.org
Component:
Security Assurance: Review Request
Type:
task
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

People

(Reporter: erenaud, Unassigned)

References

Details

Marketing requirements for the Portland campaign include the use of a 3rd party font on www.mozilla.org We've licensed the font, which requires use of js to track page views. The code needing review and sign off by Infosec is here https://bugzilla.mozilla.org/attachment.cgi?id=8962437
Blocks: 1448164
Please note required launch of the webpage is 3/30/2018
If it helps, the page is on a demo server [1], and the code is available in an in-progress PR [2]. [1] https://bedrock-demo-jpetto.us-west.moz.works/en-US/firefox/new/?xv=portland [2] https://github.com/mozilla/bedrock/pull/5525/
CCing April
Do you have the un-minified JavaScript for code review?
Jon - please see April's question above
Flags: needinfo?(jon)
:jpetto ripped out that script, so I got my only security concern answered. Thanks so much!
Flags: needinfo?(jon)
You need to log in before you can comment on or make changes to this bug.