Project Information
- Name of tool/project: Extension:ReportIncident
- Project home page: https://www.mediawiki.org/wiki/Extension:ReportIncident
- Name of team requesting review: Trust and Safety Product Team
- Primary contact: @kostajh
- Target date for deployment: February 2024
- Link to code repository / patchset: https://gerrit.wikimedia.org/g/mediawiki/extensions/ReportIncident
- Link to scc output for general sizing of codebases (https://github.com/boyter/scc): P53123
Description of the tool/project:
The ReportIncident extension allows users to report incidents of harassment and abuse.
High-level summary:
- There's a new link in the "Tools" menus for Vector and Minerva, with the label "Report"
- When viewing an enabled namespace (by default, user talk namespace), there will be an overflow menu adjacent to comments and topics that allows the user to click "Report"
- After clicking "Report", a form is shown with a first step of guidance and a second step where the user can select a username to report
- After pressing "Report", we POST the contents to an API endpoint managed by the extension
- The extension sends an email containing the report contents to configured email addresses
- The report is not currently saved in a database
See T337566: [EPIC]: Incident Reporting System - Minimal Testable Product (MTP) for the relevant tasks.
Probably the main thing to review is XSS in the form, and that we've sufficiently secured the API endpoint. We have defined some anti-abuse measures (T348322) but it's possible we've missed things.
Description of how the tool will be used at WMF:
Deployed to pilot wikis in February 2024, then wider rollout.
Dependencies
List dependencies, or upstream projects that this project relies on.
Soft dependency on DiscussionTools for integrating the entrypoint to the reporting form.
Has this project been reviewed before?
Please link to tasks or wiki pages of previous reviews.
No
Working test environment
Please link or describe setup process for setting up a test environment.
- Use Patch Demo, and enable the "ReportIncident" extension and, optionally, the "Inbox" extension to see the emails that the extension generates.
- Visit any beta wiki as a logged-in user and look for the "Report" button in the tool menu, or in the overflow menu on DiscussionTools-enabled user talk pages
Post-deployment
Name of team responsible for tool/project after deployment and primary contact.