[Owasp-leaders] OWASP Wiki embedded videos broken

psiinon psiinon at gmail.com
Wed Nov 27 08:23:10 UTC 2013


Thats great!

I've checked a few other pages I know with embedded videos and they look
good too.

And thanks for removing the extraneous ['s - not quite sure what I was
trying to do there ;)

Cheers,

Simon


On Wed, Nov 27, 2013 at 5:02 AM, Matt Tesauro <matt.tesauro at owasp.org>wrote:

> FIXED.
>
> (or perhaps I should say I checked the ZAP wiki page and the AppSec Video
> on the wiki main page and those work fine)
>
> The EmbedVideo extension had hardcoded YouTube as http:// not https://.
>  I was able to override that setting in LocalSetting.php (which survives
> source updates of MediaWiki and the EmbedVideo extension) and now all the
> videos embedded in the wiki for YouTube are SSL'ified.
>
> BTW, it looks like you have a couple extraneous [ characters in your
> project page.  They are showing up in the latest FF in Linux next to the
> embedded videos for Zap.  I went ahead and removed them and added a nbsp;
> between the videos since I was already at that page.
>
> Thanks for alerting OWASP (and me in particular) if the problem.
>
> For the curious, here's what I added to LocalSettings.php:
>
> #MAT# Added custom video service to SSL'ify YouTube links
> # 2013-11-26
> $wgEmbedVideoServiceList["youtube"] = array(
>      'extern' =>
>                  '<iframe src="
> https://www.youtube.com/embed/$2?showsearch=0&modestbranding=1<https://www.youtube.com/embed/$2?showsearch=0&modestbranding=1>"
> ' .
>                  'width="$3" height="$4" ' .
>                  'frameborder="0" allowfullscreen="true"></iframe>',
> );
>
>
> --
> -- Matt Tesauro
> OWASP WTE Project Lead
> http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project
> http://AppSecLive.org - Community and Download site
> OWASP OpenStack Security Project Lead
> https://www.owasp.org/index.php/OWASP_OpenStack_Security_Project
>
>
> On Tue, Nov 26, 2013 at 9:58 AM, Matt Tesauro <matt.tesauro at owasp.org>wrote:
>
>> I suspect this is one of the 55+ undocumented extensions installed on the
>> current wiki.
>>
>> I've been digging through them to see if they are actually used but
>> MediaWiki doesn't allow an easy way to do this short of turning on debug
>> logging which is verbose x 1,000 and would significantly impact the wiki's
>> performance.
>>
>> I'll be taking some vacation time over the next couple days and will look
>> at the existing extensions to see if I can identify this one.  I think it
>> might be the EmbedVideo extension (
>> http://www.mediawiki.org/wiki/Extension:EmbedVideo )
>>
>> I _think_ we're running version 1.0 (at least that's what my notes on the
>> MediaWiki upgrade say) but I will need to look at the actual running code
>> to verify that. I did the big code update from 1.18.x (unsupported version)
>> to 1.19.x (oldest supported version) in August and cleaned up a ton of
>> vestigial, backup and unused code from the wiki including fun things like
>> modifications to pristine source.
>>
>> I'm currently in the process of getting the wiki updated from 1.19.x to
>> 1.21.x and should have that done over the next several weeks.
>>
>> So give me a couple of days and I'll see what I can find out.
>>
>> Jonathan:  I bet this extension has http hard coded or possibly its
>> configurable.  I'll look at that while finding the version number.
>>
>> --
>> -- Matt Tesauro
>> OWASP WTE Project Lead
>> http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project
>> http://AppSecLive.org - Community and Download site
>> OWASP OpenStack Security Project Lead
>> https://www.owasp.org/index.php/OWASP_OpenStack_Security_Project
>>
>>
>> On Tue, Nov 26, 2013 at 7:47 AM, psiinon <psiinon at gmail.com> wrote:
>>
>>> Just noticed that videos embedded on the OWASP wiki have broken, eg
>>> https://www.owasp.org/index.php/ZAP
>>>
>>> This isnt just on the ZAP page - they seem to be broken on all other
>>> pages that use this sort of markup: {{#ev:youtube|eH0RBI0nmww}}
>>>
>>> Anyone know whats changed/broken?
>>>
>>> Cheers,
>>>
>>> Simon
>>>
>>> --
>>> OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
>>>
>>> _______________________________________________
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>
>>>
>>
>


-- 
OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20131127/a19c7093/attachment-0001.html>


More information about the OWASP-Leaders mailing list