Feature #16872: Make it obvious to visitors of the staging website that it is not trustworthy

Feature #16872

Make it obvious to visitors of the staging website that it is not trustworthy

Added by Anonymous 2019-07-09 16:14:57 . Updated 2020-02-23 06:53:15 .

Status:

Confirmed

Priority:

Normal

Assignee:

Category:

Target version:

Start date:

Due date:

% Done:

Feature Branch:

Type of work:

Website

Blueprint:

Starter:

Affected tool:

Translation Platform

Deliverable for:

Description

This was mentioned by hefee as a nice to have.

Subtasks

Related issues

Related to Tails - Feature #15080: Integrate the staging website with the interface	Confirmed	2018-06-11
Related to Tails - Feature #15360: Refresh the Weblate staging website more often	In Progress	2018-03-02
Related to Tails - Feature #15080: Integrate the staging website with the interface	Confirmed	2018-06-11

History

#1 Updated by intrigeri 2019-09-13 09:46:14

related to Feature #15080: Integrate the staging website with the interface added

#2 Updated by intrigeri 2019-09-13 09:46:21

related to Feature #15360: Refresh the Weblate staging website more often added

#3 Updated by Anonymous 2019-09-13 09:47:35

Description updated

#4 Updated by intrigeri 2019-09-13 09:48:28

What problems are we trying to solve here?

There might be cheap solutions to the most important ones, or not.

#5 Updated by hefee 2020-02-21 22:50:31

@intrigeri:
> What problems are we trying to solve here?
>
> There might be cheap solutions to the most important ones, or not.

The problem that we want to solve here, is that a malicious user can create a suggestion via Weblate and our automatic system refreshes the staging website with the suggestion. After that a malicious user can share the link to the staging website with content controlled by himself. A user may just follow the link and does not recognize that it is not the official documentation.
That’s why I think it must be obvious for anyone visiting the staging website, that it is NOT the official documentation.
IMO an very easy solution would be to replace the top banner or add another staging banner without breaking the layout too much.

#6 Updated by intrigeri 2020-02-22 09:41:56

Subject changed from Make it obvious to translators that they are visiting the staging website to Make it obvious to visitors of the staging website that it is not trustworthy

Hi @hefee,

hefee wrote:
> The problem that we want to solve here, is that a malicious user can create a suggestion via Weblate and our automatic system refreshes the staging website with the suggestion. After that a malicious user can share the link to the staging website with content controlled by himself. A user may just follow the link and does not recognize that it is not the official documentation.
> That’s why I think it must be obvious for anyone visiting the staging website, that it is NOT the official documentation.

I see. This makes perfect sense to me, thanks! I’m updating the title of this issue to reflect this accurately (the “to translators” aspect was what got me a bit confused initially).

> IMO an very easy solution would be to replace the top banner or add another staging banner without breaking the layout too much.

Sounds good.

#7 Updated by hefee 2020-02-22 15:18:33

@intrigeri

> > IMO an very easy solution would be to replace the top banner or add another staging banner without breaking the layout too much.
>
> Sounds good.

but now the question, how to replace the banner technically/easily and what banner should be used ;)

#8 Updated by intrigeri 2020-02-23 06:53:15

Hi,

> how to replace the banner technically/easily

You made me curious so I’ve spent 10 minutes researching this (“this” being: how to apply CSS depending on the current page’s URI; whether said CSS changes the banner image, or the background, or some color, is not particularly relevant at this zoom level).

Unfortunately, I’ve found no solution I find great. But maybe one of these is good enough?

The options I’ve found are:

Do it with JavaScript
- pros: rather easy to implement
- cons: the JS code would have to run on our production website too
OS-level “replace/tweak file whenever it’s modified” mechanism, e.g. a systemd.path(5) unit
- pros: requires system programming skills, which we are collectively better at Tails than at web technologies
- cons: requires inelegant kludges to avoid infinite recursion
update-staging-website.sh could replace the banner image file
- pros: mostly trivial to implement
- cons: ineffective while ikiwiki is rebuilding/refreshing the staging website ⇒ can’t be relied upon as a security measure
Do it with the experimental \document@ CSS at-rule (https://developer.mozilla.org/en-US/docs/Web/CSS/@document)
- pros: mostly trivial to implement
- cons: only works in Firefox 61 with an opt-in pref enabled ⇒ currently totally useless

#9 Updated by zen 2020-04-24 13:39:04

related to Feature #15080: Integrate the staging website with the interface added

Tails