Closed
Bug 698034
Opened 13 years ago
Closed 11 years ago
host htmlpad.org on Mozilla infra
Categories
(Infrastructure & Operations Graveyard :: WebOps: Other, task, P5)
Tracking
(Not tracked)
RESOLVED
WONTFIX
People
(Reporter: mrz, Assigned: mrz)
References
Details
(Whiteboard: [triaged 20120824][waiting][appsec][site-owner])
This app is so useful. We should pull it in house and treat it like a prod app.

On Thu Oct 27 22:54:35 2011, matthew zeier wrote:
What's it take to get this hosted on mozilla infra? It should be pretty easy, actually--it's a very simple django project: https://github.com/toolness/htmlpad Who typically deals with deploying stuff like this?
- Atul
Updated•13 years ago
Component: Server Operations → Server Operations: Web Operations
Comment 1•13 years ago
This allows users to inject full HTML and javascript. We'll probably have to, at least, buy a domain for this, but security should look at it too.
Component: Server Operations: Web Operations → Server Operations: Security
QA Contact: cshields → mcoates
Comment 2•13 years ago
(In reply to Jeremy Orem [:oremj] from comment #1)
> This allows users to inject full HTML and javascript. We'll probably have
> to, at least, buy a domain for this, but security should look at it too.

Yes, if this allows user controlled html or javascript then it will have to have its own domain. Please file a security review request for this app and we'll take a look: https://wiki.mozilla.org/WebAppSec/Security_Review_Request
Updated•13 years ago
Whiteboard: [2012q1]
Updated•12 years ago
Component: Server Operations: Security → Security Assurance: Operations
Updated•12 years ago
Component: Security Assurance: Operations → Server Operations
QA Contact: mcoates → phong
Comment 3•12 years ago
Nothing for OpSec to do here. Moving back to server operations.
Updated•12 years ago
Assignee: server-ops → bburton
Updated•12 years ago
Assignee: bburton → server-ops
Updated•12 years ago
Component: Server Operations → Server Operations: Web Operations
QA Contact: phong → cshields
Whiteboard: [2012q1] → [2012q2]
Updated•12 years ago
Whiteboard: [2012q2] → [2012q2] [pending secreview]
Updated•12 years ago
Assignee: server-ops → server-ops-webops
Whiteboard: [2012q2] [pending secreview] → [pending secreview]
Comment 4•12 years ago
This bug might as well be the sec review bug... all the information I have is already here, and there's no WebOps work until we have some commentary from AppSec. The github repo is in comment 0. Note that http://htmlpad.org/ currently doesn't actually work. I believe it's been broken ever since our Etherpad installation began forcing SSL with a redirect. This is probably a simple fix in the htmlpad code. This particular domain is already owned by a Mozilla employee (Atul Varma)... with his good graces we could conceivably transfer that domain to our ownership and move it under our standard registration/DNS/hosting infrastructure. I don't know if there are any security concerns beyond needing to be hosted on a separate domain.
Flags: sec-review?
Whiteboard: [pending secreview]
Updated•12 years ago
Group: infra
Updated•12 years ago
Whiteboard: [waiting][appsec][site-owner]
Updated•12 years ago
Severity: minor → normal
Priority: -- → P5
Updated•12 years ago
Whiteboard: [waiting][appsec][site-owner] → [triaged 20120824][waiting][appsec][site-owner]
Updated•12 years ago
Flags: sec-review? → sec-review?(mfuller)
Comment 5•11 years ago
This app doesn't work, and absolutely nothing has happened lately to fix it. And it's likely to break again when we moved to Etherpad Lite. I recommend folks switch to https://thimble.webmaker.org/en-US/editor, which is tailor-made to do more or less precisely what htmlpad does/did.
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → WONTFIX
Updated•11 years ago
Flags: sec-review?(matthewdf10)
Updated•11 years ago
Component: Server Operations: Web Operations → WebOps: Other
Product: mozilla.org → Infrastructure & Operations
Updated•5 years ago
Product: Infrastructure & Operations → Infrastructure & Operations Graveyard