As @MusikAnimal pointed out in this thread template and module vandalism can be a serious issue when it comes to heavily transcluded templates or modules. As a general and well extended practice across all wikis, heavily transcluded or sensitive templates and modules are regularly (semi)protected to avoid vandalism. Instead of having to manually do so, or having to depend on external tools such as bots, I think MediaWiki (or an extension for MediaWiki) could be configured to automatically issue such protections or restrictions based on an on-wiki configuration file or (better IMHO) an Special Page accesible to wiki administrators. Thanks for your consideration.
Description
Description
Event Timeline
Comment Actions
(Given that I'm not sure how this can be implemented: on core or an extension; per MediaWiki-extension-requests instructions).
Comment Actions
There is now a bot that does this on English Wikipedia and Meta. Any other communities interested in having this bot can contact me directly. A pure MediaWiki solution would be nice but I don't think it's on Community-Tech's radar.
Comment Actions
Could be handled in AbuseFilter (at the cost of the UX being more awkward - no way to mark and track the page as protected) if there was a transclusion count variable, which seems easy to add. Not sure about the performance though.
Comment Actions
Could be handled in AbuseFilter (at the cost of the UX being more awkward - no way to mark and track the page as protected) if there was a transclusion count variable, which seems easy to add. Not sure about the performance though.
In most cases getting the transclusion count is fast enough, but it can be slow, and I highly suspect it'd be too slow for AbuseFilter, given it holds up the saving of edits.
Instead I envision something similar to the cron-based bot I wrote, except done via an extension (and associated bot, similar to say the MassMessage bot). I think it logically makes sense as a Core feature, but this is really only a problem for very large wikis subject to both high-risk templates and some very determined and crafty vandals.
Also bear in the mind the mapping of tranclusion counts/protection levels should be configurable as the needs will vary by community. Those could be stored with normal $wg config variables. In addition you'll want some way for the community to provide specific pages and/or title patterns of pages that shouldn't be protected, via an interface message or JSON config page. https://en.wikipedia.org/wiki/User:MusikBot_II/TemplateProtector#Configuration may provide some inspiration.
Comment Actions
One idea I had was some something similar to the bad image list but specifically for templates. A file used in the most recent vandalism has a very legitimate purpose on multiple articles and templates, and so adding it to the BIL would cause a lot of problems. Similarly, adding it to the AbuseFilter would be a lot of overhead for each edit and as it scales up would just duplicate the BIL. Having a by-namespace restricted image list, we could prevent the addition of particular images to templates without impacting the ability to add those templates to proper pages. It's not a perfect solution to the original task, but it does succeed in reducing the attack surface caused by templates.
Comment Actions
A list of problematic images wouldn't be really useful without some mechanism for also limiting recently uploaded images, and a workstream for reviewing new image uploads (something like 30K/day) and adding them to the list. Not realistic IMO. Also using a list to prevent images from being added to CSS rules is pretty hard, if at all possible.