![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
![[site community profile]](https://www.dreamwidth.org/img/comm_staff.png){kind=small}
Entry tags:
Opinions sought: Too much info on tag usage available to styles?
I've been working on Bug 1723, and while doing that I've noticed something that I don't think is right.
The following information on tag usage is exposed to the style system (via the TagDetail class):
(2) seems like info that styles don't really need to know, but it can't hurt
(3) concerns me, because it exposes information that the current user shouldn't have.
For example, let's say that user A has not been granted access by user B. User B posts a lot with the tag "hatemyboss". Most of these posts are protected or private, but one of the posts is public. Because of the public post, user A is able to see the "hatemyboss" tag. If user A were to go away and write his own style that used the info in (3) above, he would be able to find out how often user B has used "hatemyboss" in protected, private and filtered posts.
I'm told that none of DW's official styles use the info in (3). This doesn't mean that a custom style doesn't use it somewhere, on DW or another site using the code.
I think that there are three options:
(a) Leave things as they are
(b) Stop exposing the security_counts variable to the styles system
(c) Keep the variable, but force all the values to zero
I prefer (c), because it deals with the privacy issue without totally breaking any custom styles that use this information. We could add a note in core2.s2 explaining what is going on, and maybe remove the variable totally in a year's time or something.
What are other peoples' opinions?
If anybody wants to have a look for themselves, search for:
The following information on tag usage is exposed to the style system (via the TagDetail class):
- use_count: The number of times that the tag in question is used in the journal (at present it's the total number of times, but bug 1723 will most likely change it to being an approximation of the number of times that it's used in posts that the current user can see. This isn't important now :-))
- visibility: The most-relaxed security level that the tag is ever used in.
- security_counts: How many times it is used at each security level, including security levels that the current user does not have access to.
(2) seems like info that styles don't really need to know, but it can't hurt
(3) concerns me, because it exposes information that the current user shouldn't have.
For example, let's say that user A has not been granted access by user B. User B posts a lot with the tag "hatemyboss". Most of these posts are protected or private, but one of the posts is public. Because of the public post, user A is able to see the "hatemyboss" tag. If user A were to go away and write his own style that used the info in (3) above, he would be able to find out how often user B has used "hatemyboss" in protected, private and filtered posts.
I'm told that none of DW's official styles use the info in (3). This doesn't mean that a custom style doesn't use it somewhere, on DW or another site using the code.
I think that there are three options:
(a) Leave things as they are
(b) Stop exposing the security_counts variable to the styles system
(c) Keep the variable, but force all the values to zero
I prefer (c), because it deals with the privacy issue without totally breaking any custom styles that use this information. We could add a note in core2.s2 explaining what is going on, and maybe remove the variable totally in a year's time or something.
What are other peoples' opinions?
If anybody wants to have a look for themselves, search for:
- "class TagDetail" in core2.s2
- "$t->{security_counts}" in S2.pm
RE: Zero vs UNDEF
Re: Zero vs UNDEF
If this change won't affect what we, the actual users see, then whew, OK...but if it will affect what we see, how so and what should we do to work around it?
Note: I'm actually using the :after content: "" property/value in my CSS to write in the words "access-only" and "private", then styling those in red/italic to make finding those posts easier...which is why this whole topic is kind of a big deal to me.
Re: Zero vs UNDEF
The actual numbers on the tags page are due to change with bug 1723. At present they show the total number of posts with that tag; once the patch is in they will show (approximately) the number of posts with that tag that are visible to the current user. If I'm understanding right, that shouldn't affect you.
As to your highlighting of non-public tags, that depends how you are getting that information. If you're getting it from the "visibility-something" class of the li elements of the tag list, and using CSS to do something with those, then no - they won't change.
The only way that you would be affected is if you are actually using your own S2 style (as opposed to just CSS) to process things, and were using the security_counts data structure.
Hope that's clear, and that it reassures?
Re: Zero vs UNDEF
Yes, I know! I was perusing the tag list of someone on DW a while back who granted me only limited access, so she had, say, four posts under the tag "sex", but I could view only one post tagged thusly; three posts under the tag "going crazy" but I could only see two of those posts, and so on. It was sort of maddening. That was months ago and how I came to find out (long before the bug was filed) that something is wrong with our tag system.
("Wrong" in the sense that we shouldn't be seeing total counts for tags we don't have full access to. If I can only see one of four posts tagged "foo" on someone else's journal, then the tag count should read "1" while I'm logged in and looking at that journal - seeing there's four posts with that tag but only being able to read one of those posts tells me I'm not seeing three other posts with the same tag, which I can call as either a system error or a privacy leak - but knowing how DW's tag system works, I can safely assume it's always the latter.)
As for how I'm pulling and designing the tag security levels, it's entirely through CSS. There's nothing in my s2 to address it specifically - that's among the reasons why I thought I'd get a clarification, since I'd need to know what Plan B would be otherwise. Thanks for the reassurances! :)
Re: Zero vs UNDEF
If you're curious, I've done a post explaining exactly what will change over on dw-styles. It's at http://dw-styles.dreamwidth.org/22250.html.
Re: Zero vs UNDEF