- From: Renoir Boulanger <renoir@w3.org>
- Date: Thu, 05 Feb 2015 16:32:36 -0500
- To: "List Hypothes.is dev" <dev@list.hypothes.is>
- CC: public-spec-annotation@w3.org

Hi all,

Doug and I have been discussing ways to pollute annotations on a spec. We figured out that somebody could add annotations from any document on the web. In issue [1] we documented how we would detect and limit the saving of those annotations.

I imagine you guys already considered the possibility.

Three things:

1. What was the resolution about that particular issue? I suspect it is not a big issue because any spammer would have to create an account to add an annotation anyway.

2. Where and how could we make a plugin to validate whether or not an annotation should be saved? I saw the event `beforeAnnotationCreated` in [2]. Would there be a way to hook a check and prevent saving the annotation if it fails?

3. Is there a check to make sure annotations saved from any domain aren’t going to send email? In [3], I only see if the target is whitelisted, but not if the annotation has been made from any document.

Am I looking at a non-problem?

Thanks!

[1] https://github.com/webplatform/annotation-service/issues/30
[2] https://github.com/hypothesis/h/blob/master/h/static/scripts/vendor/annotator.document.js#L49
[3] https://github.com/webplatform/annotation-service/blob/master/notes_server/archiver.py#L44

--
Renoir Boulanger
http://www.w3.org/People/#renoirb
@renoirb
https://renoirboulanger.com/
World Wide Web Consortium (W3C)
http://www.w3.org/

Received on Thursday, 5 February 2015 21:32:45 UTC