Webpagemakerapi: Difference between revisions

→‎Risk considerations: changed from rel=nofollow to x-robots-tag
(→‎Risk considerations: changed from rel=nofollow to x-robots-tag)
 
(5 intermediate revisions by 3 users not shown)
Line 6: Line 6:
|'''Projected Freeze Date:''' || <Placeholder>
|'''Projected Freeze Date:''' || <Placeholder>
|-
|-
|'''Product Champions:''' || [https://mozillians.org/simonwex Simon Wex], [[User:davida|David Ascher]]
|'''Product Champions:''' || [https://mozillians.org/simonwex Simon Wex], [[User:davida|David Ascher]], Michelle Levesque
|-
|-
|'''Privacy Champions:''' ||  
|'''Privacy Champions:''' ||  
Line 39: Line 39:
== API Methods ==
== API Methods ==


<table>
These are documented in the [https://github.com/mozilla/webpagemaker/tree/development/webpagemaker/api#readme API README].
  <tr>
    <td>Name</td>
    <td>Endpoint</td>
    <td>HTTP Method</td>
    <td>Parameters</td>
    <td>Return</td>
</tr>
  <tr>
    <td>Create Page</td>
    <td>/page</td>
    <td>POST</td>
    <td>Raw Post Data (HTML)</td>
    <td>Relative Short URL id (eg. "/ja5bn")</td>
  </tr>
  <tr>
    <td>Read Page</td>
    <td>/{short url id}</td>
    <td>GET</td>
    <td>short url id (in path)</td>
    <td>Sanitized ([http://pypi.python.org/pypi/bleach Bleach])</td>
  </tr>
</table>


== Stored Data ==
== Stored Data ==
Line 67: Line 45:
End-user created HTML documents are stored in MySQL.  
End-user created HTML documents are stored in MySQL.  


=== Risk considerations ===
== Risk considerations ==


{| class="wikitable"
{| class="wikitable"
Line 81: Line 59:
| Documents hosted via the API could be used as link farms
| Documents hosted via the API could be used as link farms
|  
|  
* nofollow attributes will be inserted in all "a" tags via Bleach
* Documents will be delivered with a <code>X-Robots-Tag: noindex, nofollow</code> header.
|-
|-
| Javascript could be used in a multitude of ways to compromise client machines
| Javascript could be used in a multitude of ways to compromise client machines
874

edits