--- Comment #29 from Chris Steipp <cste...@wikimedia.org> ---
(In reply to Ori Livneh from comment #28)
> (In reply to Yuvi Panda from comment #26)
> > +1 to putting Global JS/CSS behind a flag, defaulting that to off,and
> > deploying this.
> Could we simply remove this feature from the extension? It appears to have
> been tacked on as an afterthought, without a cohesive story about why and
> how it fits with the rest of the extension. (I contrast that with the
> primary functionality of the extension, which strikes me as a deliberate and
> practical solution for a well-defined problem.)
> Hiding it behind a configuration variable does lower the stakes a lot, but
> it still plants a flag on this problem and adds another code artifact with
> which alternative solutions will have to contend.
On other non-wmf wiki farms, I can see this feature being very helpful. So I
think we should leave it in behind the feature flag. If having that means
shoutwiki/wikia/whomever will use it and help maintain the extension, I think
it's a positive addition and we (wmf) shouldn't block it.
Regarding the feature on general WMF-specific security, the only attacks it
would open up would be that meta admins would be able to attack wikis without
the other wiki's users actually visiting meta (where meta's site js can then
talk cross-domain to a wiki, and do whatever the admin wants). CN allows this
too, but provides a lot of additional controls to make sure it's correctly used
(timeouts, and targeting), and IIRC, campaigns can't be suppressed, whereas an
edit to the .js can later be suppressed to hide that it once ran.
You are receiving this mail because:
You are the assignee for the bug.
You are on the CC list for the bug.
Wikibugs-l mailing list