amara dev update 2014-02-08

Changes pushed to amara.org Saturday, Feb 8th.

  • #1195 New editor: quotes, apostrophes etc. get escaped
  • #751 Instruct users how to save downloaded backup for their subtitles
  • #1125 Implement brightcove video player

A few notes on these changes. In issue #751 we are using FileSaver.js to automatically save a downloaded backup file (subtitle_backup.dfxp) that users can easily upload later in the event of a save failure. This currently does not work on Safari, so those users will see the copy/paste dialog and be prompted to save.

Issue #1195 was fallout from some urgent changes we had implemented to fix a security flaw. If your subtitles were affected by this issue, you can either edit them and save a new version or let us know. We’re working on a script to fix affected data.

Most importantly, we’d like to give a huge thank you to @kamilsevi, who reported the vulnerability to us. The issue was related to potential JavaScript injection via the subtitle editors. We are grateful that he found the issue and reported it to us discreetly.

We’d also like to remind all users that we are committed to maintaining and improving security in amara.  The footer of each amara page contains a link to our security page. If you discover a vulnerability, please report it to us via this link.  We will fix it as quickly as possible and publicly recognize your contribution.