Page MenuHomePhabricator
Create Task
Maniphest T281627

Security Readiness Review For Datatables
Closed, DeclinedPublic
Actions

Description

Project Information

Description of the tool/project:

Client-side library to display fully-featured tables at the client side.

I'm filling this request for DataTables jQuery plugin, as that's what I use in WMCZ-Tracker (finance-tracking app used by Wikimedia Czech Republic). But, I'm willing to accept suggestions about different plugins doing similar work that would be more prefered by the Security team, because they are maybe easier to review (or maybe there already _is_ a reviewed code I could use?).

I basically need a client-side library that allows me to create a table that supports:

  • On-the-fly filtering with custom logic (for instance, "user is newcomer", meaning "user tenure < 3 weeks", etc.)
  • Loading data directly from a JSON blob provided by the server

Description of how the tool will be used at WMF:

The plugin will be used as part of mentor dashboard, which is currently developed by the Growth-Team. Precisely, it will be used to facilitate the mentee overview module, see T278971 for details.

Dependencies

List dependencies, or upstream projects that this project relies on.

DataTables' only dependency is jQuery, which is already used by prodiction.

Has this project been reviewed before?

Please link to tasks or wiki pages of previous reviews.

I'm unaware of a Security-team conducted review of DataTables' code. However, it is used in numerous Wikimedia-affiliated tools and even production-deployed code (similar-users service), see https://codesearch.wmcloud.org/deployed/?q=datatables&i=nope&files=&excludeFiles=&repos= and https://codesearch.wmcloud.org/search/?q=dataTables&i=fosho&files=&excludeFiles=&repos=.

Working test environment

Please link or describe setup process for setting up a test environment.

https://datatables.net/manual/installation are upstream docs for getting DataTables ready.

Post-deployment

Name of team responsible for tool/project after deployment and primary contact.

The Mentor dashboard will be supported and maintained by the Growth-Team post-deployment.

Related Objects
Search...

Event Timeline

Urbanecm_WMF created this task.May 1 2021, 1:07 PM
Restricted Application added a project: secscrum. · View Herald TranscriptMay 1 2021, 1:07 PM
Restricted Application added a subscriber: Aklapper. · View Herald Transcript
Urbanecm_WMF added a parent task: T278971: Mentor dashboard: M1 mentee overview module .May 1 2021, 1:07 PM
RhinosF1 subscribed.May 1 2021, 1:23 PM
Jcross subscribed.May 4 2021, 3:57 PM

Hi @Urbanecm_WMF - can you please let us know what your target deployment date is? It will help us to resource this appropriately. Please know that next quarter (Q1) would be the soonest we'd be able to get you in queue for review. Thank you!

Jcross moved this task from Incoming to Back Orders on the secscrum board.May 4 2021, 3:57 PM
sbassett changed the task status from Open to Stalled.May 6 2021, 9:27 PM
sbassett triaged this task as Low priority.
Urbanecm_WMF closed this task as Declined.Jun 2 2021, 4:00 PM

Taking this back. Won't be necessary on second thought.

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits