The Zooniverse team in Oxford, UK, is looking for a web developer intern to join us in summer 2022. If you’re looking to learn how to build websites and apps with a team of friendly developers, or if you just want an opportunity to flex your extant coding skills in an environment that loves scientific curiosity, then come have some tea with us!
The team here in the Zooniverse want to welcome more folks into the world of software development, and in turn, we want to learn from the unique ideas and experiences you can share.
The 1st of February marked the start of Chinese New Year/Lunar New Year celebrations, so we here at the Zooniverse team wanted to wish everyone a happy and prosperous Year of the Tiger!
This year, we’d like to share a fun side project one of our developers (Shaun) created for the Chinese New Year: a small video game where you try to lead a big striped cat to an exit with a laser pointer. While the Zooniverse team takes our scientific work very seriously, we also enjoy doing some really goofy stuff in our free time.
The fixes for this vulnerability are contained in pull requests #5141, #5142, and #5148 of the Panoptes Front End project on GitHub. Anyone running their own hosted copy of Panoptes Front End should pull these changes as soon as possible.
Additional notes on our investigation are as follows:
The vulnerability was introduced on 14 May 2015, in pull request #324.
However, we audited the database and found no evidence (other than our own tests) of this having been done by project owners.
Our current solution is to sanitise all external/social links, both when taking input from users and when rendering them on webpages, and to allow only standard website URLs to pass.
As a side effect of our fixes, project owners are now unable to add non-standard website URLs to their project’s external links – for example, https://example.com continues to work fine, but mailto:firstname.lastname@example.org no longer does.
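The following is an added illustration of the two-sided check described above, written for this page; it is not code from Panoptes Front End or from the Zooniverse team, and the post does not say what the underlying vulnerability was, so the example only shows the allowlist the fix describes. It assumes a link is stored as an object with `label` and `url` fields (an assumed shape), uses the WHATWG `URL` parser available in Node and browsers, and accepts only `http:` and `https:` URLs, which is why `https://example.com` passes and `mailto:firstname.lastname@example.org` is dropped. The same check runs once when input is saved and again when links are rendered, so a record that predates or bypasses the input check still cannot reach the page.

```javascript
// Added example (not Panoptes Front End code): allowlist-based URL check for
// user-supplied external/social links, applied at input time and at render time.
const ALLOWED_PROTOCOLS = new Set(['http:', 'https:']);

// Return a normalised absolute URL string if `input` is a standard website URL
// (http or https), otherwise null. Parsing with the WHATWG URL class handles
// mixed-case schemes, relative strings and malformed input for us.
function sanitizeExternalUrl(input) {
  if (typeof input !== 'string') return null;
  let parsed;
  try {
    parsed = new URL(input.trim()); // throws on relative or malformed input
  } catch {
    return null;
  }
  if (!ALLOWED_PROTOCOLS.has(parsed.protocol)) return null;
  if (parsed.hostname === '') return null; // belt and braces: require a host
  return parsed.href;
}

// Minimal HTML escaping so the label and href can be interpolated into markup.
function escapeHtml(s) {
  return String(s)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Input side: run when a project owner saves their external links.
// Returns the accepted links plus the rejected ones so the UI can explain why.
function sanitizeLinksOnInput(links) {
  const clean = [];
  const rejected = [];
  for (const link of links) {
    const url = sanitizeExternalUrl(link.url);
    if (url !== null) clean.push({ label: link.label, url });
    else rejected.push(link);
  }
  return { clean, rejected };
}

// Render side: repeat the check on whatever is stored before emitting anchors.
function renderExternalLinks(links) {
  return links
    .map((link) => ({ label: link.label, url: sanitizeExternalUrl(link.url) }))
    .filter((link) => link.url !== null)
    .map((link) =>
      `<a href="${escapeHtml(link.url)}" rel="noopener noreferrer">${escapeHtml(link.label)}</a>`)
    .join('\n');
}

// Constructed sample input (hypothetical project links, not real data).
const SAMPLE_LINKS = [
  { label: 'Website', url: 'https://example.com' },
  { label: 'Team page', url: 'HTTPS://Example.COM/team' },
  { label: 'Email', url: 'mailto:firstname.lastname@example.org' },
  { label: 'FTP mirror', url: 'ftp://example.com/data' },
];

console.log(sanitizeLinksOnInput(SAMPLE_LINKS));
console.log(renderExternalLinks(SAMPLE_LINKS));
```

Because the render step re-validates rather than trusting the database, the input-side check is a usability measure (it tells the owner immediately that a link was refused) and the render-side check is the actual control.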
We apologise for any concern this issue may have caused.
The Zooniverse Blog. We're the world's largest and most successful citizen science platform and a collaboration between the University of Oxford, The Adler Planetarium, and friends