https://bugzilla.wikimedia.org/show_bug.cgi?id=33046
--- Comment #2 from Sergey Chernyshev <[email protected]> 2011-12-27 06:11:34 UTC --- I think the intended use is to add more logic within widgets using MW's internal functions, e.g. getting a full URL of the article, validating if article exists, getting Article ID and so on. This all can be done when wrapped in the template, but when it's a question of security, all that becomes an issue as there is no way to restrict the use of the widget (and I don't know how it can be reasonably done). I'd say Widgets extension should not be solving security more then common XSS issues - if something more complex needed, regular extension should be written. Widgets was only intended to replace a ton of simple extensions who's sole purpose was to insert "widgety" code and substitute some parameters in a way that would be challenging for Templates. That being said, if somebody knows a smart and simple way to make this happen, I can take a look myself, or help someone who wants to volunteer. -- Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. You are on the CC list for the bug. _______________________________________________ Wikibugs-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
