Page MenuHomeMiraheze
Create Task
Maniphest T7539

Extension:EmbedVideo
Closed, ResolvedPublic
Actions

Description

GitHub repo: https://github.com/StarCitizenWiki/mediawiki-extensions-EmbedVideo

Hi there, I am one of the maintainer of the forked version of Extension:EmbedVideo.

I realized that the original extension has been requested multiple times on Miraheze but was declined due to security reasons in the past. While I am not familiar with the exact reasons that the old extension was declined, I will try my best to meet any necessary requirements from Miraheze for security review.

We forked Extension:EmbedVideo because it was unmaintained like most Fandom extensions. The forked version is refactored and includes numerous security and privacy improvements.
For example, the iframe would only be loaded when user gave consent by clicking the load button, so there would be no external connection until interacted. It also supports the native MediaWiki CSP so the required CSP rule would be added on the page that requires them. There are also support for local media, similar to Extension:TimedMediaHandler. A whitelist is also added so wiki can choose to only enable a selection of services.

However, because of the extensive rewrite, a lot of previously supported services were removed. The current support services include Archive.org, SoundCloud, Spotify, Twitch, Vimeo, and YouTube. More can be added in the future if needed but it is less than what the original extension support. The original parser functions are simplified into only one as well.

It is deployed on multiple production wiki, here's an example page on a YouTube embed.

Related Objects

Event Timeline

Alistair3149 created this task.Jun 27 2021, 00:18
Herald added subscribers: Bukkit, Unknown Object (User), RhinosF1 and 2 others. · View Herald TranscriptJun 27 2021, 00:18
Unknown Object (User) claimed this task.Jun 27 2021, 00:32
Herald added a project: Universal Omega. · View Herald TranscriptJun 27 2021, 00:32
Alistair3149 updated the task description. (Show Details)Jun 27 2021, 00:52
Alistair3149 edited projects, added Extensions; removed MediaWiki.
Unknown Object (User) moved this task from Backlog to Security Review Needed on the Extensions board.Jun 27 2021, 02:43
Unknown Object (User) moved this task from Backlog to Short Term on the MediaWiki (SRE) board.
Unknown Object (User) moved this task from Unsorted to Short Term on the Universal Omega board.
Unknown Object (User) moved this task from Security Review Needed to Reviewed, Approved on the Extensions board.Jun 27 2021, 16:50

I did one patch to this myself to cleanup a hook, nothing major. This extension does seem much safer then the original, therefore... approved.

Unknown Object (User) reassigned this task from Unknown Object (User) to Redmin.Jun 28 2021, 01:37
Unknown Object (User) added a subscriber: Redmin.

Assigning to @R4356th for submitting PRs to install per discussion on Discord.

Unknown Object (User) claimed this task.Jun 30 2021, 00:22

Claiming to install the mw-config portion shortly. @R4356th did the submodule

Redmin merged a task: T7594: Extension Request: EmbedVideo.Jul 5 2021, 13:32
Redmin added a subscriber: HM_GAAMontreaL.
Unknown Object (User) closed this task as Resolved.Jul 19 2021, 23:40
Restricted Repository Identity mentioned this in R9:d49a36880306: T7539: Install EmbedVideo (#4007).Jul 19 2021, 23:40