GSoC/2016/StatusReports/FalitJain: Difference between revisions

From KDE Community Wiki

Revision as of 23:11, 20 August 2016

Project Overview

Project Name: WikiToLearn Improved Editor

A Brief Description: The main purpose of this project is to make the WikiToLearn Editor feature-rich, easy to use and fast. The two main tasks are the inclusion of the Visual Editor extension (ensuring it works fully and keeping it up to date), as well as the inclusion of a LaTeX tool which will help in writing formulas, with auto-completion and highlighting.

Status:

  • Completed :
    • The inclusion of the LaTeX autocompletions and highlighting in the Visual Editor. Also, fixing the bugs in the current Visual Editor on the WikiToLearn site. In addition, I tried various XSS attacks on the editor (as WYSIWYG editors are known to have been vulnerable to XSS in the past).
  • In progress:
    • Documentation.


Screenshots:

  • Earlier LaTeX Math Formula Insert Editor
    • It had no autocompletions or snippets, nor did it include the words from history.

  • LaTeX Autocompletions
    • Snippet names listed in the autocompletions dropdown
    • Selecting the snippet name loads the entire LaTeX snippet
    • In case a wrong format is typed.
  • Local Autocompletions
    • Case where words already typed can be autocompleted from a dynamically generated dropdown. E.g.: since 'log' is already used in line 1, typing the letter 'l' in the 3rd line brings up the word 'log' as an autocompletion suggestion in the dropdown.

Animation:

XSS Attack Security Checks

  • While trying to attack directly through the <a href> tag

  • While trying to attack through the style attribute:

  • It resulted in showing an insecure input.

  • Most of the XSS attacks I tested didn't bypass. Some minor testing still needs to be done on IE. However, a better framework such as CodeIgniter (https://github.com/bcit-ci/CodeIgniter) can be used.


Telegram Nick: falitjain
Telegram Channels: WikiToLearn Tech, WikiToLearn, WikiToLearn GSoC, KDE-Soc

Blog: https://falit94.blogspot.com/

GSoC as an experience
From the day it began until now, and with more time to come, I have learnt something new almost every day. As a student, I had to work on something that is used live by users (something which you cannot always experience while working for a corporate). What I found the most exciting was the communication channel. Every time someone had a query of any type, it would be posted there, and everyone then came to discuss it, which was very educative and fun. My mentors Irene Cortinovis and Gianluca Rigolleti never hesitated to answer my queries at any time, and constantly helped with my tasks and planning. I am lucky to be a part of WikiToLearn :)


This is what I learned during GSoC:

  • Docker and Vagrant
  • MediaWiki Extension Development
  • MediaWiki community
  • KDE community
  • Lots of JavaScript concepts.
  • VIM

Documents

https://www.mediawiki.org/wiki/Extension:LatexCompleter


Extension git repository

https://github.com/Falit/LatexCompleter
https://github.com/Falit/CodeEditor

Code Block Bug

https://phabricator.wikimedia.org/T138458

Code Editor Block

https://phabricator.wikimedia.org/T141021

Other Tasks Updated by me

https://phabricator.kde.org/T3260
https://phabricator.kde.org/T3268
https://phabricator.kde.org/T3065
https://phabricator.kde.org/T2968