Webpagemakerapi: Difference between revisions

→‎Risk considerations: changed from rel=nofollow to x-robots-tag
(12 intermediate revisions by 3 users not shown)
Line 6 (old revision):
|'''Projected Freeze Date:''' || <Placeholder>
|-
|'''Product Champions:''' || [[User;simonwex|Simon Wex]], [[User:davida|David Ascher]]
|-
|'''Privacy Champions:''' ||  

Line 6 (new revision):
|'''Projected Freeze Date:''' || <Placeholder>
|-
|'''Product Champions:''' || [https://mozillians.org/simonwex Simon Wex], [[User:davida|David Ascher]], Michelle Levesque
|-
|'''Privacy Champions:''' ||  
Line 16 (old revision):


Timeline:

{|

Line 16 (new revision):


==Timeline==

{|
Line 31 (old revision):
* Easily make a new guided learning experience.  

For more information on WebPageMaker, see  [[https://etherpad.mozilla.org/webpagemaker-pitch|WebPageMaker for Summer Campaign]]

= WebPageMakerAPI Overview =

The API is a two-endpoint HTTP API that accepts (via POST) HTML documents and serves those documents via a short url. The HTML documents are cleaned by [[http://pypi.python.org/pypi/bleach|Bleach]] before being served.

= API Methods =

<table>
  <tr>
    <td>Name</td>
    <td>Endpoint</td>
    <td>HTTP Method</td>
    <td>Parameters</td>
    <td>Return</td>
  </tr>
  <tr>
    <td>Create Page</td>
    <td>/page</td>
    <td>POST</td>
    <td>Raw Post Data (HTML)</td>
    <td>Relative Short URL id (eg. "/ja5bn")</td>
  </tr>
  <tr>
    <td>Read Page</td>
    <td>/{short url id}</td>
    <td>GET</td>
    <td>short url id (in path)</td>
    <td>Sanitized ([http://pypi.python.org/pypi/bleach Bleach])</td>
  </tr>
</table>

Line 31 (new revision):
* Easily make a new guided learning experience.  

For more information on WebPageMaker, see  [https://etherpad.mozilla.org/webpagemaker-pitch WebPageMaker for Summer Campaign]

= WebPageMakerAPI Overview =

The API is a two-endpoint HTTP API that accepts (via POST) HTML documents and serves those documents via a short url. The HTML documents are cleaned by [http://pypi.python.org/pypi/bleach Bleach] before being served. [https://github.com/mozilla/playdoh Playdoh] is the planned implementation framework.

== API Methods ==

These are documented in the [https://github.com/mozilla/webpagemaker/tree/development/webpagemaker/api#readme API README].

== Stored Data ==

End-user created HTML documents are stored in MySQL.

== Risk considerations ==

{| class="wikitable"
|-
! Risk
! Mitigation Strategy
|-
| Copyrighted work can be stored and distributed through the API
|
* Documents will require DOCTYPE definitions and syntactically correct HTML
* Documents will be limited to 10,000 characters
|-
| Documents hosted via the API could be used as link farms
|
* Documents will be delivered with a <code>X-Robots-Tag: noindex, nofollow</code> header.
|-
| Javascript could be used in a multitude of ways to compromise client machines
|
* All Javascript will be stripped using Bleach before it is served
|-
| Database insertion could be used as a DOS attack vector
|
* Rate limiting will be implemented along with above size limitations
|}
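Review bot: the Javascript row's mitigation, "All Javascript will be stripped using Bleach before it is served", is under-specified for a sanitizer that works by allowlist; the row should state the permitted tags, attributes and URL protocols, since script also reaches the client through event-handler attributes, javascript: URLs in href/src and inline style, none of which is addressed by removing script elements alone. The old table's Return column ("Sanitized (Bleach)") made explicit that cleaning happens when a page is read; the new text should keep that commitment (sanitize on read, or on both store and read) so that the stored MySQL copy is never trusted as clean. Because the served document is a full HTML page, a restrictive Content-Security-Policy header alongside the X-Robots-Tag header would back up the sanitizer where it misses something. The DOS row relies on the 10,000-character limit listed under the copyright row; that limit should be enforced on the raw POST body before Bleach parses it, not after.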