Board Thread:Code Review/@comment-3328029-20150728140056/@comment-24473195-20151202141328

"Another solution is to just disable hidemyself on external wikis by default (making a 'public' use more logical), while having '&username=' change it for user-specific use. Thoughts?"

Yes, disabling hide myself is a simpler option.

"rctoponly: Only list changes which are the latest revision"

Maybe this:

rctoponly: Only list changes which are the latest revision

"However, even if I check if a user has a privilege, I'm not able to figure out how to request it as that user (or if I even can due to cross origin)"

Cross-origin would likely block that.

"This script is large, so would it be 'worth' having code.2.js only have ~50 lines of code that check if the script should be activated, which then loads the rest of the codebase,"

Yes, it is better to have a smaller startup script which checks if the class is available in the page, and only then loads the script. Loading it for all pages is an incredibly bad practice especially with such a huge script. Even anonymous users who have no interest in recent changes would have to download this huge script without visiting that page especially if this is deployed site-wide.

As I said previously, dividing the script will make it more readable. You also seem to use regex to extract the urls that's risky and creates a possibility of a security hole. You could probably be using the mediawiki api:

https://doc.wikimedia.org/mediawiki-core/master/js/#!/api/mw.html