wikimedia/mediawiki-extensions-SecureLinkFixer
1
0
Fork 0
mirror of https://gerrit.wikimedia.org/r/mediawiki/extensions/SecureLinkFixer synced 2024-09-23 10:25:36 +00:00
Code Issues Packages Projects Releases Wiki Activity
Mirror of https://gerrit.wikimedia.org/g/mediawiki/extensions/SecureLinkFixer
32 commits 260 branches 0 tags 54 MiB
PHP 97.2%
JavaScript 2.8%
Go to file
Kunal Mehta b14450fe3a Configure phan-taint-check-plugin 
The plugin checks and flags potential security issues (XSS, SQLi, etc.)
using static analysis.

See <https://www.mediawiki.org/wiki/Phan-taint-check-plugin> for more
details.

Change-Id: Ibebf265e10f8fdb0c26046a81c5f6978b0230537
2019-07-18 19:36:28 -04:00
.phan Enable phan 2019-07-18 19:33:07 -04:00
i18n Localisation updates from https://translatewiki.net. 2019-01-13 22:13:42 +01:00
includes Fix weird spacing 2018-08-01 21:40:16 -07:00
maintenance Include a last updated date in domains.php 2019-07-18 00:47:08 -04:00
tests Add tests for Hooks 2018-08-05 00:22:52 -06:00
.eslintrc.json Add missing .eslintrc.json to pass npm 2019-02-23 14:46:51 +01:00
.gitignore Initial commit 2018-07-29 19:01:06 -07:00
.gitreview Add .gitreview 2018-07-28 01:34:16 +02:00
.phpcs.xml build: Updating mediawiki/mediawiki-codesniffer to 22.0.0 2018-09-03 18:18:39 +00:00
CODE_OF_CONDUCT.md build: Updating mediawiki/mediawiki-codesniffer to 22.0.0 2018-09-03 18:18:39 +00:00
composer.json Configure phan-taint-check-plugin 2019-07-18 19:36:28 -04:00
COPYING Initial commit 2018-07-29 19:01:06 -07:00
domains.php Include a last updated date in domains.php 2019-07-18 00:47:08 -04:00
extension.json Initial commit 2018-07-29 19:01:06 -07:00
Gruntfile.js Initial commit 2018-07-29 19:01:06 -07:00
package-lock.json build: Updating dependencies 2019-07-15 23:59:33 +00:00
package.json build: Updating npm dependencies for security issues 2019-06-08 21:16:24 +00:00
README Initial commit 2018-07-29 19:01:06 -07:00

README 

SecureLinkFixer

This MediaWiki extension rewrites external links to use the HTTPS protocol
if they are on the HSTS preload list.

While users with modern browsers will automatically use HTTPS, outdated
browsers or non-browser clients will first try visiting HTTP before being
redirected to HTTPS.

This extension is licensed under the GPL v3, or any later version. The HSTS
list included with this extension (domains.php) is licensed under the
Mozilla Public License, v 2.0.

Further reading/motivations:
* https://twitter.com/ajhdock/status/970669975861153792
* https://www.facebook.com/notes/protect-the-graph/upgrades-to-facebooks-link-security/2015650322008442/