Template talk:OWID

When I copied everything to Basque wikipedia, once the consent was given, it saved the option and there was no need to consent again. Now I see that the consent must be given always. Is there a way to save the consent, @Sophivorus? Theklan (talk) 21:03, 18 April 2024 (UTC)Reply

@Theklan Hi! I just double checked and the consent was saved successfully. If the page is reloaded, then the consent is lost, but that was also the case before, judging by the code. We could make a more persistent consent by using a cookie. Sophivorus (talk) 21:32, 18 April 2024 (UTC)Reply

No, it didn't do it before. I didn't need to add the consent every time the page was loaded. Theklan (talk) 10:32, 19 April 2024 (UTC)Reply

@Theklan I just modified the code to use a cookie (diff). Cheers! Sophivorus (talk) 12:54, 19 April 2024 (UTC)Reply

Apparently, this only works per page. I've been fixing the template call on euwiki and have been asked to confirm my consent (too) many times. Thinking maybe mw.storage would be a better option. pon_or (talk) 16:43, 10 April 2026 (UTC)Reply

@Ponor Hi! I was unable to reproduce the issue (my consent is remembered, both in euwiki and eswiki). I'll look into the code soon to try to figure out what might be happening, but if you discover any clue please let me know. BTW, while looking into this issue, I fixed several charts in euwiki that were using the old "owid" parameter instead of "chart" (example). Cheers! Sophivorus (talk) 15:27, 11 April 2026 (UTC)Reply

The play button shows as a non existing character (☒) in mobile. I think that the play itself is loaded from a character not available for mobiles. Theklan (talk) 08:00, 24 April 2024 (UTC)Reply

Solved with ►. Now there may be some css minor changes to do, so it gets completely centered. Theklan (talk) 08:10, 24 April 2024 (UTC)Reply

@Theklan Thanks. I was able to center it vertically. It's still a bit off center horizontally but I can't think of a simple way to fix it, and in any case it's not so ugly, I think. Sophivorus (talk) 12:12, 24 April 2024 (UTC)Reply

Raised here with discussion here. Doc James (talk) 20:34, 26 April 2024 (UTC)Reply

To improve the privacy and security of OWID iframe embeds, we recommend tightening the sandbox attribute by removing allow-top-navigation-by-user-activation to reduce the risk of social engineering attacks, and keeping allow-same-origin only if required by OWID scripts. Adding the experimental credentialless attribute helps isolate the iframe from the parent context by preventing credentials from being sent. To minimize URL referrer leakage—particularly in older browsers—the referrerpolicy should be set to no-referrer, preventing the embedded OWID page from learning where it was loaded from. While these mitigations don’t protect against a full OWID compromise, they significantly reduce passive tracking and strengthen the embedding setup.

Recommended adjustments:

• Remove allow-top-navigation-by-user-activation
• Add referrerpolicy="no-referrer"
• Add credentialless attribute
• Keep allow-same-origin only if needed

Recommended code changes for MediaWiki:Gadget-Global-OWIDPopup.js:

var $iframe = $( '<iframe></iframe>' ).attr({
   src: 'https://ourworldindata.org/' + data.owid,
   width: '100%',
   height: '600px',
   sandbox: 'allow-scripts allow-same-origin',
   referrerpolicy: 'no-referrer',
   credentialless: true,
   frameborder: 0
});

We also recommend linking to the OWID privacy policy in the consent dialog that pops up the first time you interact with the gadget.

Thank you! Mark Bergsma (WMF) (talk) 18:37, 31 July 2025 (UTC)Reply

@Mark Bergsma (WMF) How do you feel about the "allow-popups" directive? The OWID frame has some links, like "Read about our data pipeline", "Explore the data" which open in a new window. Without the allow-popups directive such links don't work. The popups would still be subject to the same sandbox. Bawolff (talk) 20:54, 1 August 2025 (UTC)Reply

I added allow-popups. Let me know if you object to it. Bawolff (talk) 04:46, 10 August 2025 (UTC)Reply

Hi @Bawolff - yes, we are fine with "allow-popups". Mark Bergsma (WMF) (talk) 12:43, 18 August 2025 (UTC)Reply

On the subject of allow-same-origin. It seems incompatible with "archived" OWID maps. It does seem to mostly work on non-permalink maps though (albeit with a bunch of errors in debug console). Given that I've opted to keep allow-same-origin at least for now. Bawolff (talk) 02:00, 2 August 2025 (UTC)Reply

When the image generated by the template is found next to some other floating element (infobox, image), it is shown next to it. Floated images are usually shown one below the other. So float:right needs a clear:right, and float:left needs a clear:left. pon_or (talk) 19:59, 9 April 2026 (UTC)Reply

Done I just added "clear" to this template (diff) and also to the Wikipedias that already adopted it. Sophivorus (talk) 22:16, 9 April 2026 (UTC)Reply

(previously briefly discussed with User:Sophivorus here)

The current wording of the OWID popup may unintentionally sound alarming, as it could be interpreted as implying active tracking or linkage between IP addresses and Wikipedia user accounts. In practice, the data involved appears limited to standard web request logging (IP address, user agent, language), similar to what occurs when visiting any external site. I suggested revising the message to be clearer and less intimidating, while still transparent about the external request. Some possible alternatives:

1. This content is hosted externally by Our World in Data. Do you want to load it?
2. This content comes from Our World in Data, which may log your request. Proceed?
3. This content is provided by Our World in Data. Loading it will contact their servers. Proceed?
4. To display this content, your browser will request it from Our World in Data. Continue?
5. This content is provided by Our World in Data. Loading it will connect to their servers and will be logged. Continue?
6. This content is served by Our World in Data. Loading it will contact their servers and may be recorded in their access logs. Continue?

Feedback on wording and level of detail would be welcome. pon_or (talk) 15:38, 10 April 2026 (UTC)Reply

Yah, no different than clicking on a reference link. Doc James (talk) 16:51, 10 April 2026 (UTC)Reply

I think loading the iframe is actually less invasive than clicking a reference link, because the iframe is sandboxed (and loaded from the special subdomain without third-party tracking that OWID set up for Wikipedia). But whatever. Sophivorus (talk) 15:06, 11 April 2026 (UTC)Reply

I think the new wording needs to be agreed to with WMF. Bawolff (talk) 17:59, 10 April 2026 (UTC)Reply

Pinging some people from the WMF that have previously participated in this process: Mark Bergsma (WMF) EMill-WMF CCiufo-WMF Quiddity (WMF) What do you think guys? Sophivorus (talk) 15:11, 11 April 2026 (UTC)Reply

Just mentioning here that we are not ignoring this, but discussing it internally. EMill-WMF (talk) 17:11, 14 April 2026 (UTC)Reply