MediaWiki-skins-Foreground
Component · Active · Public

Members

  • This project does not have any members.

Details

Description

The Foreground skin focuses on putting your content in the foreground. It supports responsive layouts and has classes predefined for Semantic MediaWiki. Built on Zurb's Foundation Framework (v5.5.3), a "mobile first" and advanced responsive front-end framework.

Recent Activity

Today

Samwilson closed T362461: Search form input is misaligned in Firefox as Resolved.
Wed, Jul 17, 12:07 AM · MediaWiki-skins-Foreground

Yesterday

Maintenance_bot removed a project from T362461: Search form input is misaligned in Firefox: Patch-For-Review.
Tue, Jul 16, 6:31 PM · MediaWiki-skins-Foreground
gerritbot added a comment to T362461: Search form input is misaligned in Firefox.

Change #1052298 merged by jenkins-bot:

[mediawiki/skins/Foreground@master] Fix misaligned search form in top bar

https://gerrit.wikimedia.org/r/1052298

Tue, Jul 16, 5:56 PM · MediaWiki-skins-Foreground

Tue, Jul 9

Maintenance_bot removed a project from T361452: CVE-2024-40605: Foreground skin: stored XSS via MediaWiki:Sidebar: Patch-For-Review.
Tue, Jul 9, 8:00 PM · security-bug, SecTeam-Processed, MediaWiki-skins-Foreground, Vuln-XSS, Security

Mon, Jul 8

mmartorana renamed T361452: CVE-2024-40605: Foreground skin: stored XSS via MediaWiki:Sidebar from Foreground skin: stored XSS via MediaWiki:Sidebar to CVE-2024-40605: Foreground skin: stored XSS via MediaWiki:Sidebar.
Mon, Jul 8, 5:36 PM · security-bug, SecTeam-Processed, MediaWiki-skins-Foreground, Vuln-XSS, Security

Fri, Jul 5

gerritbot added a project to T362461: Search form input is misaligned in Firefox: Patch-For-Review.
Fri, Jul 5, 12:28 PM · MediaWiki-skins-Foreground
gerritbot added a comment to T362461: Search form input is misaligned in Firefox.

Change #1052298 had a related patch set uploaded (by Samwilson; author: Samwilson):

[mediawiki/skins/Foreground@master] Fix misaligned search form in top bar

https://gerrit.wikimedia.org/r/1052298

Fri, Jul 5, 12:28 PM · MediaWiki-skins-Foreground
Samwilson closed T361452: CVE-2024-40605: Foreground skin: stored XSS via MediaWiki:Sidebar as Resolved.

That makes sense.

Fri, Jul 5, 5:54 AM · security-bug, SecTeam-Processed, MediaWiki-skins-Foreground, Vuln-XSS, Security

Thu, Jul 4

Bawolff added a comment to T361452: CVE-2024-40605: Foreground skin: stored XSS via MediaWiki:Sidebar.

Also, why is escapeIdForAttribute() "not guaranteed to be HTML safe"? What other ID attribute is it intended for, that needs to be able to contain angle brackets etc.? Is it because some XML dialects permit more characters in IDs than HTML does? It looks like a bunch of skins are doing similar things to Foreground here, so it does seem a confusingly named function.

Thu, Jul 4, 5:55 AM · security-bug, SecTeam-Processed, MediaWiki-skins-Foreground, Vuln-XSS, Security
gerritbot added a comment to T361452: CVE-2024-40605: Foreground skin: stored XSS via MediaWiki:Sidebar.

Change #1051779 merged by jenkins-bot:

[mediawiki/skins/Foreground@REL1_41] Escape id attribute in sidebar headers

https://gerrit.wikimedia.org/r/1051779

Thu, Jul 4, 1:44 AM · security-bug, SecTeam-Processed, MediaWiki-skins-Foreground, Vuln-XSS, Security

Wed, Jul 3

gerritbot added a project to T361452: CVE-2024-40605: Foreground skin: stored XSS via MediaWiki:Sidebar: Patch-For-Review.
Wed, Jul 3, 2:49 PM · security-bug, SecTeam-Processed, MediaWiki-skins-Foreground, Vuln-XSS, Security
gerritbot added a comment to T361452: CVE-2024-40605: Foreground skin: stored XSS via MediaWiki:Sidebar.

Change #1051779 had a related patch set uploaded (by Mmartorana; author: Samwilson):

[mediawiki/skins/Foreground@REL1_41] Escape id attribute in sidebar headers

https://gerrit.wikimedia.org/r/1051779

Wed, Jul 3, 2:49 PM · security-bug, SecTeam-Processed, MediaWiki-skins-Foreground, Vuln-XSS, Security

Apr 13 2024

Samwilson updated the task description for T333121: Set up eslint and style lint for Skin:Foreground.
Apr 13 2024, 12:51 AM · MediaWiki-skins-Foreground
Samwilson closed T333121: Set up eslint and style lint for Skin:Foreground as Resolved.

Last parts of this done in https://gerrit.wikimedia.org/r/c/mediawiki/skins/Foreground/+/1019248 (thanks @thiemowmde)

Apr 13 2024, 12:51 AM · MediaWiki-skins-Foreground
Samwilson renamed T362461: Search form input is misaligned in Firefox from Search form input is misaligned to Search form input is misaligned in Firefox.
Apr 13 2024, 12:33 AM · MediaWiki-skins-Foreground
Samwilson created T362461: Search form input is misaligned in Firefox.
Apr 13 2024, 12:31 AM · MediaWiki-skins-Foreground

Apr 4 2024

sbassett added a comment to T361452: CVE-2024-40605: Foreground skin: stored XSS via MediaWiki:Sidebar.

Also, why is escapeIdForAttribute() "not guaranteed to be HTML safe"? What other ID attribute is it intended for, that needs to be able to contain angle brackets etc.? Is it because some XML dialects permit more characters in IDs than HTML does? It looks like a bunch of skins are doing similar things to Foreground here, so it does seem a confusingly named function.

Apr 4 2024, 4:25 PM · security-bug, SecTeam-Processed, MediaWiki-skins-Foreground, Vuln-XSS, Security
Samwilson added a comment to T361452: CVE-2024-40605: Foreground skin: stored XSS via MediaWiki:Sidebar.

You should need different rights to edit the sidebar than common.js (In WMF config, sysop vs interface-admin)

Apr 4 2024, 2:45 AM · security-bug, SecTeam-Processed, MediaWiki-skins-Foreground, Vuln-XSS, Security

Apr 3 2024

sbassett triaged T361452: CVE-2024-40605: Foreground skin: stored XSS via MediaWiki:Sidebar as Medium priority.
Apr 3 2024, 9:17 PM · security-bug, SecTeam-Processed, MediaWiki-skins-Foreground, Vuln-XSS, Security
Bawolff changed the visibility for T361452: CVE-2024-40605: Foreground skin: stored XSS via MediaWiki:Sidebar.
Apr 3 2024, 9:13 PM · security-bug, SecTeam-Processed, MediaWiki-skins-Foreground, Vuln-XSS, Security
Bawolff added a comment to T361452: CVE-2024-40605: Foreground skin: stored XSS via MediaWiki:Sidebar.

Anyone with write access to MediaWiki:Sidebar also can do what they want with MediaWiki:Common.js so it looks like this bug is not very easy to exploit.

Apr 3 2024, 9:12 PM · security-bug, SecTeam-Processed, MediaWiki-skins-Foreground, Vuln-XSS, Security

Apr 2 2024

sbassett added a project to T361452: CVE-2024-40605: Foreground skin: stored XSS via MediaWiki:Sidebar: security-bug.
Apr 2 2024, 7:00 PM · security-bug, SecTeam-Processed, MediaWiki-skins-Foreground, Vuln-XSS, Security
sbassett edited projects for T361452: CVE-2024-40605: Foreground skin: stored XSS via MediaWiki:Sidebar, added: SecTeam-Processed; removed Security-Team.

Since this skin isn't deployed or bundled, the vulnerability (and hopefully merged patch) will be (re)announced via the next supplemental security release: T361321.

Apr 2 2024, 6:00 PM · security-bug, SecTeam-Processed, MediaWiki-skins-Foreground, Vuln-XSS, Security

Apr 1 2024

Samwilson added a comment to T361452: CVE-2024-40605: Foreground skin: stored XSS via MediaWiki:Sidebar.

I've made a patch: https://gerrit.wikimedia.org/r/c/mediawiki/skins/Foreground/+/1015658

Apr 1 2024, 2:09 AM · security-bug, SecTeam-Processed, MediaWiki-skins-Foreground, Vuln-XSS, Security

Mar 31 2024

ashley updated subscribers of T361452: CVE-2024-40605: Foreground skin: stored XSS via MediaWiki:Sidebar.

CC'ing @Samwilson since you've recently committed to this repository with significant contributions.

Mar 31 2024, 9:27 PM · security-bug, SecTeam-Processed, MediaWiki-skins-Foreground, Vuln-XSS, Security
ashley added projects to T361452: CVE-2024-40605: Foreground skin: stored XSS via MediaWiki:Sidebar: Vuln-XSS, MediaWiki-skins-Foreground.
Mar 31 2024, 9:25 PM · security-bug, SecTeam-Processed, MediaWiki-skins-Foreground, Vuln-XSS, Security

Feb 20 2024

JJMC89 moved T141831: Move foreground skin to lists.wikimedia.org from Backlog to List creation on the Wikimedia-Mailing-lists board.
Feb 20 2024, 7:51 AM · SRE, MediaWiki-skins-Foreground, Wikimedia-Mailing-lists

Feb 13 2024

Samwilson closed T356959: Remove dependency on jquery.cookie as Resolved.
Feb 13 2024, 11:59 PM · MediaWiki-skins-Foreground
Maintenance_bot removed a project from T356959: Remove dependency on jquery.cookie: Patch-For-Review.
Feb 13 2024, 5:30 PM · MediaWiki-skins-Foreground
gerritbot added a comment to T356959: Remove dependency on jquery.cookie.

Change 998657 merged by jenkins-bot:

[mediawiki/skins/Foreground@master] Use mediawiki.cookie instead of jquery.cookie

https://gerrit.wikimedia.org/r/998657

Feb 13 2024, 5:19 PM · MediaWiki-skins-Foreground

Feb 8 2024

gerritbot added a project to T356959: Remove dependency on jquery.cookie: Patch-For-Review.
Feb 8 2024, 6:01 AM · MediaWiki-skins-Foreground
gerritbot added a comment to T356959: Remove dependency on jquery.cookie.

Change 998657 had a related patch set uploaded (by Samwilson; author: Samwilson):

[mediawiki/skins/Foreground@master] Use mediawiki.cookie instead of jquery.cookie

https://gerrit.wikimedia.org/r/998657

Feb 8 2024, 6:01 AM · MediaWiki-skins-Foreground
Samwilson added a comment to T356959: Remove dependency on jquery.cookie.

$.cookie is only used in this skin by the joyride component, which doesn't seem to ever be started within the skin. It's supposed to be started with e.g. $(document).foundation('joyride', 'start'); — I guess that's meant to be left to individual wikis to load on the pages on which they use joyride (via MediaWiki:Foreground.js perhaps), but there's nothing in the docs about that and I wonder if it's ever used.

Feb 8 2024, 5:59 AM · MediaWiki-skins-Foreground
Samwilson created T356959: Remove dependency on jquery.cookie.
Feb 8 2024, 5:27 AM · MediaWiki-skins-Foreground

Aug 4 2023

Maintenance_bot removed a project from T333121: Set up eslint and style lint for Skin:Foreground: Patch-For-Review.
Aug 4 2023, 9:11 AM · MediaWiki-skins-Foreground
gerritbot added a comment to T333121: Set up eslint and style lint for Skin:Foreground.

Change 942784 merged by jenkins-bot:

[mediawiki/skins/Foreground@master] Move foregroundTemplate class to includes/ directory

https://gerrit.wikimedia.org/r/942784

Aug 4 2023, 9:09 AM · MediaWiki-skins-Foreground

Jul 30 2023

Samwilson updated the task description for T333121: Set up eslint and style lint for Skin:Foreground.
Jul 30 2023, 9:20 AM · MediaWiki-skins-Foreground
gerritbot added a project to T333121: Set up eslint and style lint for Skin:Foreground: Patch-For-Review.
Jul 30 2023, 9:19 AM · MediaWiki-skins-Foreground
gerritbot added a comment to T333121: Set up eslint and style lint for Skin:Foreground.

Change 942784 had a related patch set uploaded (by Samwilson; author: Samwilson):

[mediawiki/skins/Foreground@master] Move foregroundTemplate class to includes/ directory

https://gerrit.wikimedia.org/r/942784

Jul 30 2023, 9:19 AM · MediaWiki-skins-Foreground
Samwilson closed T331957: Change skin directory name foreground → Foreground as Resolved.

I think this is all good now.

Jul 30 2023, 8:06 AM · MediaWiki-skins-Foreground

Jul 12 2023

Aklapper changed the edit policy for MediaWiki-skins-Foreground.
Jul 12 2023, 8:35 AM

Mar 29 2023

Samwilson updated the task description for T333121: Set up eslint and style lint for Skin:Foreground.
Mar 29 2023, 11:43 PM · MediaWiki-skins-Foreground
Maintenance_bot removed a project from T333121: Set up eslint and style lint for Skin:Foreground: Patch-For-Review.
Mar 29 2023, 7:10 PM · MediaWiki-skins-Foreground
gerritbot added a comment to T333121: Set up eslint and style lint for Skin:Foreground.

Change 903061 merged by jenkins-bot:

[mediawiki/skins/Foreground@master] Add eslint and stylelint, and fix some errors

https://gerrit.wikimedia.org/r/903061

Mar 29 2023, 6:39 PM · MediaWiki-skins-Foreground

Mar 27 2023

gerritbot added a project to T333121: Set up eslint and style lint for Skin:Foreground: Patch-For-Review.
Mar 27 2023, 7:48 AM · MediaWiki-skins-Foreground
gerritbot added a comment to T333121: Set up eslint and style lint for Skin:Foreground.

Change 903061 had a related patch set uploaded (by Samwilson; author: Samwilson):

[mediawiki/skins/Foreground@master] Add eslint and stylelint, and fix some errors

https://gerrit.wikimedia.org/r/903061

Mar 27 2023, 7:48 AM · MediaWiki-skins-Foreground
Samwilson created T333121: Set up eslint and style lint for Skin:Foreground.
Mar 27 2023, 7:47 AM · MediaWiki-skins-Foreground

Mar 15 2023

Maintenance_bot removed a project from T331957: Change skin directory name foreground → Foreground: Patch-For-Review.
Mar 15 2023, 7:31 PM · MediaWiki-skins-Foreground
gerritbot added a comment to T331957: Change skin directory name foreground → Foreground.

Change 898243 merged by jenkins-bot:

[mediawiki/skins/Foreground@master] Fix remaining reference to lowercase directory name

https://gerrit.wikimedia.org/r/898243

Mar 15 2023, 7:29 PM · MediaWiki-skins-Foreground

Mar 14 2023

gerritbot added a project to T331957: Change skin directory name foreground → Foreground: Patch-For-Review.
Mar 14 2023, 2:53 AM · MediaWiki-skins-Foreground