https://bugs.winehq.org/show_bug.cgi?id=45160
Bug ID: 45160
Summary: Eliminate JavaScript and CDN usage from AppDB for better privacy and security of the visitors.
Product: WineHQ Apps Database
Version: unspecified
Hardware: x86
OS: Linux
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: appdb-unknown
Assignee: wine-bugs@winehq.org
Reporter: kolan_n@mail.ru
Distribution: ---
There are some security and privacy issues in appdb.
0. It uses files from CDNs. You should store them locally and load them from your own server. If you can't do that, please enforce their integrity with https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity .

1. It is non-functional without JavaScript even though the same functionality is achieved without using any JavaScript. For example, drop-down panels are implemented in browsers as a pair of HTML tags. Drop-down menus can be implemented in CSS. There are a lot of things that don't require any JS lines. You should really consider throwing the JS part of Bootstrap into the garbage and using a pure HTML+CSS solution.
KOLANICH kolan_n@mail.ru changed:
What     | Removed | Added
---------|---------|------
Hardware | x86     | Other
OS       | Linux   | other
--- Comment #1 from KOLANICH kolan_n@mail.ru ---

3. What cannot be implemented in CSS+HTML probably may be implemented on the backend.
--- Comment #2 from Rosanne DiMesio dimesio@earthlink.net ---

I wouldn't assume that HTML and CSS are inherently safe. IMO, the biggest security holes in the AppDB are the HTML WYSIWYG textareas in the test report submission form (bug 34647).
As for the CDN, I believe that's used for bandwidth/economic reasons, so I expect that's unlikely to change.
tokktokk fdsfgs@krutt.org changed:
What | Removed | Added
-----|---------|------------------
CC   |         | fdsfgs@krutt.org
--- Comment #3 from Ken Sharp imwellcushtymelike@gmail.com ---

(In reply to KOLANICH from comment #0)
> You should really consider throwing JS part of Bootstrap into garbage and using pure HTML+CSS solution.
Definitely agree with this bit. Won't be a small job to rewrite the whole thing though.
Cloudflare (for example) could help with bandwidth.