Last modified: 2014-11-17 10:35:47 UTC
I made a sample here http://en.wikipedia.org/w/index.php?
It's some crap Encyclopedia Dramatica is spamming on lots of wikis. I replaced the foul language in it
with things like "buggycode" and I'd rather not link to their website. Try viewing the sample I gave in
different web browsers, as it gets worse depending on which is used.
It would be good to fix page rendering so this code doesn't work.
This should be all on one line:
This is quite a common form of vandalism, and I suppose we could block it with
$wgSpamRegex on Wikimedia sites, though it would just encourage further variants.
Two solutions here; either continue to revert it, or we could consider
blacklisting further CSS attributes, such as z-index etc.
Should we disable the value 'position:fixed' in the sanitizer?
There's not really any reason to allow position: fixed in article content, probably, but this could
easily be just as disruptive with position: absolute or relative or whatever. Any of those could
overwrite stuff outside the article box. But absolute and relative positioning are standard, useful
CSS properties. Silly vandalism like this can be dealt with easily enough. I suggest WONTFIX.
People seem to use this or some other funky HTML code to give themselves messed up user and talk
pages with buttons and links outside the normal text window.
Well, this would break [[Template:Featured article]],
[[Template:Pp-semi-protected]], [[Template:Spoken]], and others, to name a few.
... So build-in functionality to make those sorts of icons in the top right of
articles. This functionality needs to be removed. The potential for abuse is
too great; I'm surprised it hasn't been used maliciously yet.
See, for example, http://en.wikipedia.org/wiki/User:Mark/temp
The form at the destination there just leads right back to Wikipedia, but it
could just as easily be used to silently capture usernames and passwords for
unspecified future abuse.
Come now, separation of code and presentation would be good. At a minimum we
could allow the introduction of fancy positioning stuff via items in MediaWiki
namespace... this would preserve the operation of sane site wide things, and
prevent the introduction of ugly one-offs that tend to have poor usability or
violate the principle of least surprise.
Take a look at, for instance, the link created by ImageMap to the source image's
page. That uses absolute positioning. Yes, separating content and markup is
good, but it's not really practical at present while permitting reasonably
flexible formatting, since it's so much slower to have to get sysops involved.
Banning these properties entirely is overkill. What should be prevented is
overlaying anything on top of interface elements; that's bug 9526, and should be
possible to accomplish without resorting to this.
Would there be any way of preventing such absolute positioning from putting
stuff beyond the left hand side of the article area, or above the bottom of the
tabs? The main concern is preventing all those links from being hijacked.
People using this for horrendous unaesthetic user pages is a secondary matter.
That's exactly my point. See bug 9526 for a proposed solution.
*** Bug 14346 has been marked as a duplicate of this bug. ***
*** Bug 9526 has been marked as a duplicate of this bug. ***
*** Bug 7303 has been marked as a duplicate of this bug. ***
May also be a good idea to blacklist the 'overflow' attrib. as well. See Bug 14346 for examples of disruption using this attribute.
*** Bug 15066 has been marked as a duplicate of this bug. ***
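An added example, not MediaWiki's sanitizer code and not posted by anyone in this thread: a Python filter for an inline `style` value that drops the declarations proposed for blacklisting above (`position: fixed`, `z-index`, `overflow`) and leaves `position: absolute` and `relative` alone. The blocklist and the function names are assumptions; CSS escapes and comments are normalised first so that respelled variants compare equal to the plain form.

```python
import re

# Assumption: this blocklist mirrors the proposals in the thread; it is not
# MediaWiki's actual configuration.
BLOCKED_VALUES = {"position": ("fixed",)}
BLOCKED_PROPERTIES = {"z-index", "overflow"}

_ESCAPE = re.compile(r"\\([0-9a-fA-F]{1,6})[ \t\r\n\f]?|\\([^\r\n\f])")
_COMMENT = re.compile(r"/\*.*?(\*/|$)", re.S)


def normalize_css(css):
    """Decode CSS escapes, then drop comments (including unterminated ones)."""
    def unescape(m):
        if m.group(1) is None:
            return m.group(2)              # "\x" -> "x"
        cp = int(m.group(1), 16)           # "\69" -> "i"
        return chr(cp) if 0 < cp <= 0x10FFFF else "\ufffd"
    return _COMMENT.sub("", _ESCAPE.sub(unescape, css))


def filter_style(style):
    """Return (clean_style, dropped); output is rebuilt from the checked text."""
    kept, dropped = [], []
    for decl in normalize_css(style).split(";"):
        prop, sep, value = decl.partition(":")
        prop, value = prop.strip().lower(), value.strip()
        if not sep or not prop:
            continue                       # empty or malformed piece
        banned = BLOCKED_VALUES.get(prop, ())
        words = re.findall(r"[a-z-]+", value.lower())
        if prop in BLOCKED_PROPERTIES or any(w in banned for w in words):
            dropped.append(prop)
        else:
            kept.append(f"{prop}: {value}")
    return "; ".join(kept), dropped


# Constructed sample inputs, not taken from the vandalism discussed above.
SAMPLES = [
    "position: fixed; top: 0; left: 0; z-index: 99",
    r"pos\69tion: FI/**/XED; color: red",
    "position: absolute; right: 0",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(repr(s), "->", filter_style(s))
```

The returned string still has to be HTML-escaped by the caller before it is written back into a `style` attribute.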