Feature #16872
Make it obvious to visitors of the staging website that it is not trustworthy
0%
Description
This was mentioned by hefee as a nice to have.
Related issues
History
#1 Updated by intrigeri 7 months ago
- Related to Feature #15080: Integrate the staging website with the interface added
#2 Updated by intrigeri 7 months ago
- Related to Feature #15360: Refresh the Weblate staging website more often added
#5 Updated by hefee about 1 month ago
@intrigeri:
What problems are we trying to solve here?
There might be cheap solutions to the most important ones, or not.
The problem that we want to solve here, is that a malicious user can create a suggestion via Weblate and our automatic system refreshes the staging website with the suggestion. After that a malicious user can share the link to the staging website with content controlled by himself. A user may just follow the link and does not recognize that it is not the official documentation.
That's why I think it must be obvious for anyone visiting the staging website, that it is NOT the official documentation.
IMO an very easy solution would be to replace the top banner or add another staging banner without breaking the layout too much.
#6 Updated by intrigeri about 1 month ago
- Subject changed from Make it obvious to translators that they are visiting the staging website to Make it obvious to visitors of the staging website that it is not trustworthy
Hi @hefee,
hefee wrote:
The problem that we want to solve here, is that a malicious user can create a suggestion via Weblate and our automatic system refreshes the staging website with the suggestion. After that a malicious user can share the link to the staging website with content controlled by himself. A user may just follow the link and does not recognize that it is not the official documentation.
That's why I think it must be obvious for anyone visiting the staging website, that it is NOT the official documentation.
I see. This makes perfect sense to me, thanks! I'm updating the title of this issue to reflect this accurately (the "to translators" aspect was what got me a bit confused initially).
IMO an very easy solution would be to replace the top banner or add another staging banner without breaking the layout too much.
Sounds good.
#7 Updated by hefee about 1 month ago
@intrigeri
IMO an very easy solution would be to replace the top banner or add another staging banner without breaking the layout too much.
Sounds good.
but now the question, how to replace the banner technically/easily and what banner should be used ;)
#8 Updated by intrigeri about 1 month ago
Hi,
how to replace the banner technically/easily
You made me curious so I've spent 10 minutes researching this ("this" being: how to apply CSS depending on the current page's URI; whether said CSS changes the banner image, or the background, or some color, is not particularly relevant at this zoom level).
Unfortunately, I've found no solution I find great. But maybe one of these is good enough?
The options I've found are:
- Do it with JavaScript
- pros: rather easy to implement
- cons: the JS code would have to run on our production website too
- OS-level "replace/tweak file whenever it's modified" mechanism, e.g. a
systemd.path(5)unit- pros: requires system programming skills, which we are collectively better at Tails than at web technologies
- cons: requires inelegant kludges to avoid infinite recursion
update-staging-website.shcould replace the banner image file- pros: mostly trivial to implement
- cons: ineffective while ikiwiki is rebuilding/refreshing the staging website ⇒ can't be relied upon as a security measure
- Do it with the experimental
\@documentCSS at-rule (https://developer.mozilla.org/en-US/docs/Web/CSS/@document)- pros: mostly trivial to implement
- cons: only works in Firefox 61 with an opt-in pref enabled ⇒ currently totally useless