Project

General

Profile

Feature #16872

Make it obvious to visitors of the staging website that it is not trustworthy

Added by Anonymous 9 months ago. Updated about 1 month ago.

Status:
Confirmed
Priority:
Normal
Assignee:
-
Category:
-
Target version:
-
Start date:
Due date:
% Done:

0%

Feature Branch:
Type of work:
Website
Blueprint:
Starter:
Affected tool:
Translation Platform

Description

This was mentioned by hefee as a nice to have.


Related issues

Related to Tails - Feature #15080: Integrate the staging website with the interface Confirmed 06/11/2018
Related to Tails - Feature #15360: Refresh the Weblate staging website more often In Progress 03/02/2018

History

#1 Updated by intrigeri 7 months ago

  • Related to Feature #15080: Integrate the staging website with the interface added

#2 Updated by intrigeri 7 months ago

  • Related to Feature #15360: Refresh the Weblate staging website more often added

#3 Updated by Anonymous 7 months ago

  • Description updated (diff)

#4 Updated by intrigeri 7 months ago

What problems are we trying to solve here?

There might be cheap solutions to the most important ones, or not.

#5 Updated by hefee about 1 month ago

@intrigeri:

What problems are we trying to solve here?

There might be cheap solutions to the most important ones, or not.

The problem that we want to solve here, is that a malicious user can create a suggestion via Weblate and our automatic system refreshes the staging website with the suggestion. After that a malicious user can share the link to the staging website with content controlled by himself. A user may just follow the link and does not recognize that it is not the official documentation.
That's why I think it must be obvious for anyone visiting the staging website, that it is NOT the official documentation.
IMO an very easy solution would be to replace the top banner or add another staging banner without breaking the layout too much.

#6 Updated by intrigeri about 1 month ago

  • Subject changed from Make it obvious to translators that they are visiting the staging website to Make it obvious to visitors of the staging website that it is not trustworthy

Hi @hefee,

hefee wrote:

The problem that we want to solve here, is that a malicious user can create a suggestion via Weblate and our automatic system refreshes the staging website with the suggestion. After that a malicious user can share the link to the staging website with content controlled by himself. A user may just follow the link and does not recognize that it is not the official documentation.
That's why I think it must be obvious for anyone visiting the staging website, that it is NOT the official documentation.

I see. This makes perfect sense to me, thanks! I'm updating the title of this issue to reflect this accurately (the "to translators" aspect was what got me a bit confused initially).

IMO an very easy solution would be to replace the top banner or add another staging banner without breaking the layout too much.

Sounds good.

#7 Updated by hefee about 1 month ago

@intrigeri

IMO an very easy solution would be to replace the top banner or add another staging banner without breaking the layout too much.

Sounds good.

but now the question, how to replace the banner technically/easily and what banner should be used ;)

#8 Updated by intrigeri about 1 month ago

Hi,

how to replace the banner technically/easily

You made me curious so I've spent 10 minutes researching this ("this" being: how to apply CSS depending on the current page's URI; whether said CSS changes the banner image, or the background, or some color, is not particularly relevant at this zoom level).

Unfortunately, I've found no solution I find great. But maybe one of these is good enough?

The options I've found are:

  • Do it with JavaScript
    • pros: rather easy to implement
    • cons: the JS code would have to run on our production website too
  • OS-level "replace/tweak file whenever it's modified" mechanism, e.g. a systemd.path(5) unit
    • pros: requires system programming skills, which we are collectively better at Tails than at web technologies
    • cons: requires inelegant kludges to avoid infinite recursion
  • update-staging-website.sh could replace the banner image file
    • pros: mostly trivial to implement
    • cons: ineffective while ikiwiki is rebuilding/refreshing the staging website ⇒ can't be relied upon as a security measure
  • Do it with the experimental \@document CSS at-rule (https://developer.mozilla.org/en-US/docs/Web/CSS/@document)
    • pros: mostly trivial to implement
    • cons: only works in Firefox 61 with an opt-in pref enabled ⇒ currently totally useless

Also available in: Atom PDF