Page MenuHomePhabricator

Move edit notices for pages out of the MediaWiki namespace and into a parser function on the page itself
Open, Needs TriagePublic

Description

It makes sense to have namespace edit notices in the MediaWiki namespace, but I don't see why edit notices for base pages should be there. It bloats the message cache and requires elevated privileges. Why should setting an edit notice for a single page require such permissions?

Also, T85372 proposes adding edit notices for categories, and I don't think they should be in the MediaWiki namespace either.

I suggest adding a {{#editnotice}} parser function which would copy the expanded wikitext into page_props. To fetch edit notices, MW would check page_props for the page itself, the base page, and the categories the page is in. By default, {{#editnotice}} on a category would only affect edits to the pages in the category, not edits to the category page. The messages would also continue to be checked for some suitable deprecation period.

To mitigate the risk of a DoS via edit notice preventing the editing of a page, there would be a request parameter notice=false which disables the display of edit notices. API editing would also be possible.

For expedient review, category and base page notices would be labelled with a link to the page which generated them.

I would like product manager review of this idea. In particular I would like to know if anyone can think of any likely negative community consequences for a reduction in permissions required for setting edit notices.

Event Timeline

tstarling raised the priority of this task from to Needs Triage.
tstarling updated the task description. (Show Details)

I can't pretend to do a product manager review of this idea, but I'm a long term admin at enwiki so can anticipate the kind of issues it would create there, and on other 'big wikis'.

First, in terms of vandalism risk, due to transclusion, the scope of the potential abuse is much more than a single page. It would be easy for a vandal to affect tens of thousands of pages, and this kind of template vandalism would be non-obvious to fix as it doesn't give a clue as to which of the transcluded template is responsible. A link to the page which generated them would not be enough in that case. Only power users would know of using Special:RecentChangesLinked or notice=false. This would also apply to small wikis, which are also susceptible to vandalism and might not have enough power users to handle these issues in a reasonable time. This would be even more of an issue if we implement per-category editnotices this way. By targeting templates like Template:Large category TOC, vandals could literally affect millions of pages. We would likely have to semi or template-protect these templates from editing, which would IMO be an undesirable outcome.

Regarding the message cache being bloated, I think we could simply remove per-article editnotices, since they can be easily implemented from the per-namespace notices by checking {{PAGENAME}}, it's actually what enwiki does. By using a template system like this, the wiki can choose which usergroup it allows to edit (it can impose restrictions using the title blacklist). On this subject, it should be noted that currently at enwiki only admins or template editors can edit editnotices, and a proposal to relax the restriction to autoconfirmed was rejected. Concerns included: unnecessary interface bloating, excess instructions discouraging newcomers, and so on. So if this were actually proposed to the community, I believe there would be consensus against it, even if the vandalism risk is somehow mitigated. For per-category editnotices, there would only be few of them: two at enwiki are currently implemented via JS, and I don't expect the number to increase much when properly implemented in core. And I'm not aware of any other public WMF wiki using them. So having them in MW namespace shouldn't be an issue.

In terms of implementation, I'm also not sure how support for multiple languages could be provided.

<removed text from description that was true at the time, but is no longer true>

This would be even more of an issue if we implement per-category editnotices this way. By targeting templates like Template:Large category TOC, vandals could literally affect millions of pages. We would likely have to semi or template-protect these templates from editing, which would IMO be an undesirable outcome.

Less than three months after this comment, in April 2016, that template was indefinitely protected. I think the attack vector you're discussing is editing category pages that use that template such as https://en.wikipedia.org/wiki/Category:Living_people. Category editnotices for such a large category could affect over 1 million pages.

Regarding the message cache being bloated, I think we could simply remove per-article editnotices, since they can be easily implemented from the per-namespace notices by checking {{PAGENAME}}, it's actually what enwiki does.

I stumbled upon this task while trying to figure out if it's a known issue that pages such as https://en.wikipedia.org/wiki/Special:WhatLinksHere/Template:Editnotices/Page/Rashida_Tlaib are seemingly being transcluded without being tracked via templatelinks. This is pretty strange since from what I can tell, we're relying on transclusion syntax such as {{ foo }} to retrieve and output the contents of these pages, but we don't then track that usage.