[00:00:11] sadly we have no way of telling apart bots and humans [00:00:25] if we did we'd be rich [00:00:48] that was mostly the point of all the work I did at Kount [00:00:55] I mean, even at the level Varnish-based analytics does it [00:02:00] bd808: re: template styles, there is a lot of discussion about changing template syntax, but that's kind of unrelated and changing CSS handling for templates seems kind of low-hanging fruit [00:02:26] the one hard issue is to teach the sanitizer to parse CSS blocks [00:02:40] yep. that is the blocker I think [00:03:02] which doesn't seem *that* hard [00:03:11] Tim was going to look at that once but I don't remember if he spent much time on it [00:03:29] it turns out there a lot of ways to put nasty things in css [00:03:53] but we could define a pretty conservative grammar that hit the 80% use case I bet [00:03:58] but all the actual nastiness happens in properties and we already parse those [00:04:07] and then just reject anything we didn't whitelist [00:04:27] just use a strict grammar and throw away anything not matching it, yes [00:04:33] *nod* [00:05:37] properties are sanitized already since it's the same set for inline rules so you just need take make sure {} blocks are read in a strict enough way to prevent hiding a CSS rule inside a misformed selector or something like that [00:06:31] IMO it's worth pushing forward, jdlrobson thinks its high impact for their team, and it does not seem to be a huge amount of work [00:07:02] I really think all it needs now to get approved is a working css validator [00:08:01] actually it is in the "approved by not resourced" column on the workboard [00:08:09] https://phabricator.wikimedia.org/T483 [00:08:58] here's Tim's research -- https://phabricator.wikimedia.org/T989 [00:12:14] will see if I can pick that as a side project for Q3 [00:22:55] * bd808 starts his weekend [00:22:58] later folks