Ori Livneh wrote: The critical issue is *security*. Security is the reason the graph > extension is not enabled. Security is the reason why interactive SVGs > are not enabled. Interactive visualizations have a programmatic element > that consists of code that executes in the user's browser.
Gergő Tisza wrote: > > Security is a challenge but could be worked around via iframes. Discussions as to the security of iframes are ongoing, such as https://phabricator.wikimedia.org/T222807 and a number of others. It is time to resolve this once and for all. How can we adjudicate this question and say definitively that iframes mitigate the security risk of running Javascript in the user's browser if certain specified requirements are met? >
_______________________________________________ Wikimedia-l mailing list -- [email protected], guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines and https://meta.wikimedia.org/wiki/Wikimedia-l Public archives at https://lists.wikimedia.org/hyperkitty/list/[email protected]/message/PGNE5OVZK3L3L7YX7CRSRZCQ5GCYC5CL/ To unsubscribe send an email to [email protected]
