No edit summary |
(→Risk considerations: changed from rel=nofollow to x-robots-tag) |
(7 intermediate revisions by 3 users not shown) | |||
Line 6: | Line 6: | ||
|'''Projected Freeze Date:''' || <Placeholder> | |'''Projected Freeze Date:''' || <Placeholder> | ||
|- | |- | ||
|'''Product Champions:''' || [ | |'''Product Champions:''' || [https://mozillians.org/simonwex Simon Wex], [[User:davida|David Ascher]], Michelle Levesque | ||
|- | |- | ||
|'''Privacy Champions:''' || | |'''Privacy Champions:''' || | ||
Line 39: | Line 39: | ||
== API Methods == | == API Methods == | ||
These are documented in the [https://github.com/mozilla/webpagemaker/tree/development/webpagemaker/api#readme API README]. | |||
== Stored Data == | == Stored Data == | ||
End-user created HTML documents are stored in MySQL. | |||
== Risk considerations == | |||
{| class="wikitable" | {| class="wikitable" | ||
|- | |- | ||
! | ! Risk | ||
! | ! Mitigation Strategy | ||
|- | |||
| Copyrighted work can be stored and distributed through the API | |||
| | |||
* Documents will require DOCTYPE definitions and syntactically correct HTML | |||
* Documents will be limited to 10,000 characters | |||
|- | |||
| Documents hosted via the API could be used as link farms | |||
| | |||
* Documents will be delivered with a <code>X-Robots-Tag: noindex, nofollow</code> header. | |||
|- | |||
| Javascript could be used in a multitude of ways to compromise client machines | |||
| | |||
* All Javascript will be stripped using Bleach before it is served | |||
|- | |- | ||
| | | Database insertion could be used as a DOS attack vector | ||
| | | | ||
* Rate limiting will be implemented along with above size limitations | |||
|} | |} |
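Review bot: In the Risk considerations table, the Javascript row rests entirely on Bleach stripping at serve time and does not say what is allowed through. Script can also arrive through event-handler attributes, javascript: URLs and embedded objects, so the row should state the tag, attribute and URL-scheme allowlist Bleach is configured with, and a restrictive Content-Security-Policy header sent alongside the planned X-Robots-Tag header would give a second layer if the sanitizer misses something. Two smaller points in the same table: the copyright row lists a DOCTYPE requirement and a 10,000 character limit, which constrain format and size but not what is stored, so it should name a reporting or takedown path; and the DOS row says rate limiting "will be implemented" without saying what the limit is keyed on or what the threshold is.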