Disable emoji delivery via cdn.jsdelivr.net

Looking for an Extension? Have an Extension request? Post your request here for help. (Note: This forum is community supported; while there is an Extensions Development Team, said team does not dedicate itself to handling requests in this forum)
Get Involved
User avatar
david63
Registered User
Posts: 20646
Joined: Thu Dec 19, 2002 8:08 am

Re: Disable emoji delivery via cdn.jsdelivr.net

Post by david63 »

Lumpy Burgertushie wrote: Fri Apr 06, 2018 4:05 pm admin panel: load settings, Allow usage of third party content delivery networks:
set to no.
Not sure that will turn Emojis off - I have it set to No and Emojis are rendered.

It does say "some" third party CDN
David
Remember: You only know what you know and - you don't know what you don't know!

I now no longer support any of my extensions but they will start to become available here
User avatar
3Di
I've Been Banned!
Posts: 17538
Joined: Mon Apr 04, 2005 11:09 pm
Location: I'm with Ukraine 🇺🇦
Name: Marco
Contact:

Re: Disable emoji delivery via cdn.jsdelivr.net

Post by 3Di »

Thirdy party CDNs that are loaded if CDNs are allowed:

overall_header.html (webfont.js)

Code: Select all

<!-- IF S_ALLOW_CDN -->
<script>
	WebFontConfig = {
		google: {
			families: ['Open+Sans:300,300i,400,400i,600,600i,700,700i,800,800i&subset=cyrillic,cyrillic-ext,greek,greek-ext,latin-ext,vietnamese']
		}
	};

	(function(d) {
		var wf = d.createElement('script'), s = d.scripts[0];
		wf.src = 'https://ajax.googleapis.com/ajax/libs/webfont/1.5.18/webfont.js';
		wf.async = true;
		s.parentNode.insertBefore(wf, s);
	})(document);
</script>
<!-- ENDIF -->
overall_footer.html (jquery.min.js and font-awesome.min.css)

Code: Select all

<!-- IF S_ALLOW_CDN --><script type="text/javascript">window.jQuery || document.write('\x3Cscript src="{T_ASSETS_PATH}/javascript/jquery.min.js?assets_version={T_ASSETS_VERSION}">\x3C/script>');</script><!-- ENDIF -->
and

Code: Select all

<!-- IF S_ALLOW_CDN -->
	<script type="text/javascript">
		(function($){
			var $fa_cdn = $('head').find('link[rel="stylesheet"]').first(),
				$span = $('<span class="fa" style="display:none"></span>').appendTo('body');
			if ($span.css('fontFamily') !== 'FontAwesome' ) {
				$fa_cdn.after('<link href="{T_ASSETS_PATH}/css/font-awesome.min.css" rel="stylesheet">');
				$fa_cdn.remove();
			}
			$span.remove();
		})(jQuery);
	</script>
<!-- ENDIF -->
Also loaded in simple_footer & simple_header.html, local files are located into the ./assets folder of your Board's root.
🆓 Free support for our extensions also provided here: phpBB Studio
🚀 Looking for a specific feature or alternative option? We will rock you!
Please PM me only to request paid works. Thx. Buy me a coffee -> Image
My development's activity º PhpStorm's proud user º Extensions, Scripts, MOD porting, Update/Upgrades
User avatar
canonknipser
Registered User
Posts: 2096
Joined: Thu Sep 08, 2011 4:16 am
Location: Germany
Name: Frank Jakobs
Contact:

Re: Disable emoji delivery via cdn.jsdelivr.net

Post by canonknipser »

As an addition to 3Di: emoji are loaded by the vendor library "s9e/text-formatter", which contains the path hardcoded
Greetings, Frank
phpbb.de support team member
English is not my native language - no support via PM or mail
New arrival - Extensions and scripts for phpBB
User avatar
martti
Registered User
Posts: 911
Joined: Thu Jul 31, 2014 8:23 am
Location: Belgium

Re: Disable emoji delivery via cdn.jsdelivr.net

Post by martti »

Good that the default setting is "off" and that it is clearly explained in the ACP that it can be a privacy issue and that it is explained that the external provider is Google’s content delivery network.
User avatar
canonknipser
Registered User
Posts: 2096
Joined: Thu Sep 08, 2011 4:16 am
Location: Germany
Name: Frank Jakobs
Contact:

Re: Disable emoji delivery via cdn.jsdelivr.net

Post by canonknipser »

But that is only true for webfont and jquery, there is no on/off switch for emoji, which are not loaded by phpbb itself, but hardcoded by a vendor library. Maybe it's an issue for JoshyPHP
JoshyPHP wrote:
canonknipser wrote: Fri Apr 06, 2018 6:42 pm emoji are loaded by the vendor library "s9e/text-formatter", which contains the path hardcoded
Greetings, Frank
phpbb.de support team member
English is not my native language - no support via PM or mail
New arrival - Extensions and scripts for phpBB
User avatar
JoshyPHP
Code Contributor
Posts: 1288
Joined: Mon Jul 11, 2011 12:28 am

Re: Disable emoji delivery via cdn.jsdelivr.net

Post by JoshyPHP »

You can always modify a template to configure the way you prefer: http://s9etextformatter.readthedocs.io/ ... _template/
I wrote the library that handles markup in phpBB 3.2+.
User avatar
martti
Registered User
Posts: 911
Joined: Thu Jul 31, 2014 8:23 am
Location: Belgium

Re: Disable emoji delivery via cdn.jsdelivr.net

Post by martti »

Are emojis the smilies? I see them delivered by my own server. Or what specific content are we talking about and on which page?
User avatar
GanstaZ
Registered User
Posts: 1187
Joined: Wed Oct 11, 2017 10:29 pm
Location: GZOverse

Re: Disable emoji delivery via cdn.jsdelivr.net

Post by GanstaZ »

Emoji is a textformatter plugin. And it seems that some people don't like that it is a third-party package.
Usus est magister optimus! phpBB pre-Triton & latest php environment.
When answer lies in the question, question becomes redundant!
User avatar
martti
Registered User
Posts: 911
Joined: Thu Jul 31, 2014 8:23 am
Location: Belgium

Re: Disable emoji delivery via cdn.jsdelivr.net

Post by martti »

The OP is concerned about gathering personal data by an external CDN. So that's third party delivery, not third party content delivered from your own server.
zorni wrote: Due to the upcoming GDPR I'd like to reduce the connections to external domains / providers. phpBB automatically converts Emojis and uses EmojiOne which are delivered via cdn.jsdelivr.net. (Ergo user data is collected/transmitted)
I am concerned too and advise anyone to be concerned. But the concern is met by disabling "Allow usage of third party content delivery networks". So far I don't see anything what's delivered by another server than my own. If this would be the case, then what is stated in the ACP would be wrong. So there is no problem. And the option is disabled by default.
User avatar
canonknipser
Registered User
Posts: 2096
Joined: Thu Sep 08, 2011 4:16 am
Location: Germany
Name: Frank Jakobs
Contact:

Re: Disable emoji delivery via cdn.jsdelivr.net

Post by canonknipser »

martti wrote: Tue Apr 10, 2018 10:51 pm But the concern is met by disabling "Allow usage of third party content delivery networks". So far I don't see anything what's delivered by another server than my own.
No, emojis are delivered from an external source regardless the setting in the acp, because they are linked by the textformatter library, which is unaffected by the acp setting.
Just type in something like :heart: -> :heart: -> the image location is https://cdn.jsdelivr.net/emojione/assets/3.1/png/64/2764.png

Edit:
Joshy, didn't catch that:
JoshyPHP wrote: Tue Apr 10, 2018 7:48 pm You can always modify a template to configure the way you prefer: http://s9etextformatter.readthedocs.io/ ... _template/

How does it help a standard (non-programming) board admin to prevent image linking from external sides? The standard admin doesn't know anything about textformatter, writing templates and so on.
So, the question is: Is there a simple switch to prevent textformatter from loading / linking resources from external sides like jsdelivr.net?
Greetings, Frank
phpbb.de support team member
English is not my native language - no support via PM or mail
New arrival - Extensions and scripts for phpBB
User avatar
canonknipser
Registered User
Posts: 2096
Joined: Thu Sep 08, 2011 4:16 am
Location: Germany
Name: Frank Jakobs
Contact:

Re: Disable emoji delivery via cdn.jsdelivr.net

Post by canonknipser »

canonknipser wrote: Wed Apr 11, 2018 4:20 am Is there a simple switch to prevent textformatter from loading / linking resources from external sides like jsdelivr.net?
To answer my question by myself: I just had a look in the phpBB-Code, and found that when smilies are disabled then emojis are disabled as well.
from phpbb/textformatter/s9e/factory.php:

Code: Select all

		if (isset($configurator->Emoticons))
		{
			// Force emoticons to be rendered as text if $S_VIEWSMILIES is not set
			$configurator->Emoticons->notIfCondition = 'not($S_VIEWSMILIES)';
...
So, when disabling smilies globally in acp or on a per-post-setting (done here), emojis don't show up as well:
smilie example :ugeek:
emoji example :heart:
Greetings, Frank
phpbb.de support team member
English is not my native language - no support via PM or mail
New arrival - Extensions and scripts for phpBB
User avatar
martti
Registered User
Posts: 911
Joined: Thu Jul 31, 2014 8:23 am
Location: Belgium

Re: Disable emoji delivery via cdn.jsdelivr.net

Post by martti »

canonknipser wrote: Wed Apr 11, 2018 4:20 am No, emojis are delivered from an external source regardless the setting in the acp, because they are linked by the textformatter library, which is unaffected by the acp setting.
Just type in something like :heart: -> :heart: -> the image location is https://cdn.jsdelivr.net/emojione/assets/3.1/png/64/2764.png
Wow, indeed, that's bad.
canonknipser wrote: Wed Apr 11, 2018 4:20 am How does it help a standard (non-programming) board admin to prevent image linking from external sides? The standard admin doesn't know anything about textformatter, writing templates and so on.
So, the question is: Is there a simple switch to prevent textformatter from loading / linking resources from external sides like jsdelivr.net?
It needs to be reported as a bug and fixed in core.
The promise in the ACP is not met. Admins cannot rely on the "Allow usage of third party content delivery networks" setting. They can not rely on the fact that when keeping it disabled, nothing is delivered from a third party server.

(note: this is not affecting you when you are an emoji-hater like me and set "disable smilies" in ACP)
User avatar
canonknipser
Registered User
Posts: 2096
Joined: Thu Sep 08, 2011 4:16 am
Location: Germany
Name: Frank Jakobs
Contact:

Re: Disable emoji delivery via cdn.jsdelivr.net

Post by canonknipser »

I think that's a general problem with third party libraries (ie. everything in the vendor folder) used by phpBB. Because all libraries are used "as is", there can be a functionality in those libraries which relies on external hosted resources. It is logical that some libraries like external authentication via oauth or google's recaptcha uses external hosted services, but unexpected in others.
Greetings, Frank
phpbb.de support team member
English is not my native language - no support via PM or mail
New arrival - Extensions and scripts for phpBB
User avatar
JoshyPHP
Code Contributor
Posts: 1288
Joined: Mon Jul 11, 2011 12:28 am

Re: Disable emoji delivery via cdn.jsdelivr.net

Post by JoshyPHP »

canonknipser wrote: Wed Apr 11, 2018 4:20 am How does it help a standard (non-programming) board admin to prevent image linking from external sides?
I was replying to the post that mentioned me by name, which said the URL was hardcoded. I see you fancy yourself a programmer in your profile, so feel free to use this information to create an extension or propose a Pull Request that implements this functionality.
I wrote the library that handles markup in phpBB 3.2+.
User avatar
martti
Registered User
Posts: 911
Joined: Thu Jul 31, 2014 8:23 am
Location: Belgium

Re: Disable emoji delivery via cdn.jsdelivr.net

Post by martti »

I've created a bug report : PHPBB3-15625
Post Reply

Return to “Extension Requests”