523521 - Finding a way to host bugzilla iFrames on wiki.mozilla.org (protected template?)

Status: RESOLVED INCOMPLETE

(mozilla.org Graveyard :: Server Operations: Projects, task)

Description

[Alex Faaborg [:faaborg] (Firefox UX)]

[not sure if this is the right component, please change if there is a better place to file wiki.mozilla.org bugs]

The Firefox team is now managing all work through wiki.mozilla.org, with each major area of work being given a project page.  Each project page is subsequently supposed to link to all of the relevant bugs on bugzilla.mozilla.org for implementation.

Ideally we would be able to use a protected template on wiki.mozilla.org that hosted Bugzilla dependency trees in an iFrame, so we wouldn't have to manually manage bug lists across two different sites. (which is tedious and error prone).

I know there are a lot of serious cross site scripting vulnerabilities involved with allowing html on a wiki, but is there anyway we could securely allow for inline bugzilla.mozilla.org dependency trees on wiki.mozilla.org?

Comment 1

[Dave Miller [:justdave]]

Probably the safest thing would be to implement some markup for it in an extension dedicated for that purpose.

Comment 2

[Reed Loden [:reed]]

http://www.mediawiki.org/wiki/Extension:BugzillaReports is pretty neat... Too bad it requires read access to the database, which won't ever happen.

Comment 3

[matthew zeier [:mrz]]

Chris, this is basically looking for a custom MediaWiki extention - any security concerns?

Comment 4

[Chris Lyon [:clyon]]

(In reply to comment #3)
> Chris, this is basically looking for a custom MediaWiki extention - any
> security concerns?


So an extension that would connect to the bugzilla database to display bugs?
If that is the case, yeah there are security concerns.

Comment 5

[Shyam Mani [:fox2mike]]

I don't think this is going anywhere, been stuck at ideas for a while and we obviously can't allow access to the DB. 

Reopen with better ideas if any?