Board Thread:Watercooler/@comment-24473195-20160526110434/@comment-24473195-20160528100546

Lil&#039; Miss Rarity wrote: But since reviews are already done in a timely fashion there is no real reason to complain. It takes a day at most and the fact that it had to be reviewed isn't really an issue. It is a waste of everyone's time for Wikia Staff to review localization changes. First, most of them are not qualified to do so because they don't likely understand the languages they are reviewing, and someone could easily have translated it to insults or anything else, and they wouldn't know.

>Not to mention you can't just make pages that don't require review and still have them loaded by the script. That defeats the purpose of the security review in the first place.

Incorrect. My above mentioned Jumbles script saves the information in an external file that doesn't require any review, because it is stored in a "MediaWiki:Custom-*". It is possible to escape the output and validate the input anyway with the aid of the  Messages api or the html API.

> Requires another HTTP request to fetch

True. But there are many techniques that may render this unnecessary. One can store it in local storage on first load (refreshing it as needed), and one doesn't need to fetch the localization if the users' interface is in the same language as the tool.

> Increases the chance of someone breaking it by accidentally mangling the JSON

It is trivial to activate the json code-editor  for any pages ending with .json (if wikia wants to). In fact, someone already made a tool that makes it possible to configure scripts without touching any JSON.

> Increases the likelihood that something could be slipped in and not sanitized

There is a whole API designed for sanitizing and using localized messages. So that's a non-issue.

Overall, I'm not proposing anything new or special. This has been successfully used in Wikimedia wikis for years. See for example the hotcat, used by thousands of users in dozens of wikis, and with proper localization.