Board Thread:News and Announcements/@comment-24473195-20150815154410/@comment-24473195-20150817233201

Fewfre wrote:

Dessamator wrote: My interpretation of their message was that they want to limit people importing scripts by making "official" scripts you can (I assume) toggle on/off, while allowing you to deal with scripts as per normal (with code reviews). After all, preventing people from importing user scripts from here will just cause people to post the whole script elsewhere, and then you'll have a bunch of people posting whole scripts to their user js to be peer reviewed, which will overburden the code reviewers (since they'll need to review it "n" times), and also have the potential for these scripts to be out-of-date (which can ALSO create some security issues potentially).

Hmm, though it seems logical. I don't think it will really work like that.

Let's consider how many scripts out there in the wild contain considerable exploits. Even in this very wiki, we may have inadvertently created scripts which also have exploits.

The only possible way I can imagine this working is:

 1) Run analytics for common scripts/usage
 2) Create a library of common scripts
 3) Run a script that removes the "standard" scripts imported from here or elsewhere, and change their import to the library
 4) Disable all scripts from common.js/user.js

There may be exceptions given to top-ranked wikias with trusted users such as code-reviewers could prioritising those.

 5) Custom scripts are re-added one by one on a case-by-case basis.

If it doesn't really work like that then I don't really see the point of the library or review system. Scripts with existing exploits can easily be abused/hacked again, especially those scripts that import outside resources.

The best case scenario would be two new namespaces here, one code library namespace, and one namespace for scripts awaiting review. Although chances are that reviews will be done in the particular wiki. Many scripts have dependencies such as templates, modules, images and so forth, which would make the importing complicated. Especially when one considers that only admins can import stuff here.