
Improve guardrails on changing content models
Open, Needs Triage, Public

Description

Most content models in core are currently unrestricted – it's possible to convert a page in mainspace to CSS, JS, JSON, Vue or even plain text, even though it should never be done. Content models added by extensions come with better guardrails – Scribunto, SecurePoll, JsonSchema, GadgetDefinition, and EntitySchema are allowed only on specific namespaces or namespace + title prefix.

To allow broadening access to the editcontentmodel right (T85847: Grant editcontentmodel right to all logged in users), we should audit usage of ContentHandler::canBeUsedOn() and make sure the right cannot be easily abused.

Another idea is to make move-protection restrict changing content model as well. Having a separate protection level altogether would be going too far.
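One way a wiki could add such a guardrail today, as an added example that is not part of the task or of MediaWiki core: a `LocalSettings.php` handler for the `ContentModelCanBeUsedOn` hook, which `ContentHandler::canBeUsedOn()` runs. The namespace policy shown is an assumption chosen for illustration, and the Vue model is left out.

```php
<?php
// Added example for LocalSettings.php (not MediaWiki core code).
// Assumed policy, for illustration only:
//   - raw CSS and JavaScript models only in the MediaWiki: and User: namespaces
//   - JSON and plain-text models never in the main namespace
// Extension-provided models are left to their own canBeUsedOn() checks.

$wgHooks['ContentModelCanBeUsedOn'][] = static function ( $contentModel, $title, &$ok ) {
	switch ( $contentModel ) {
		case CONTENT_MODEL_CSS:
		case CONTENT_MODEL_JAVASCRIPT:
			// Check the namespace directly: helpers such as
			// Title::isUserConfigPage() look at the page's current content
			// model, which is the thing being changed here.
			if ( !$title->inNamespaces( NS_MEDIAWIKI, NS_USER ) ) {
				$ok = false;
			}
			break;

		case CONTENT_MODEL_JSON:
		case CONTENT_MODEL_TEXT:
			if ( $title->inNamespace( NS_MAIN ) ) {
				$ok = false;
			}
			break;
	}

	// $ok is passed by reference, so only ever narrow it to false here;
	// returning true lets any other registered handlers run as well.
	return true;
};
```

Because the hook is consulted wherever `canBeUsedOn()` is called, the same rule applies to any code path that asks whether a model is allowed on a title, so it is worth testing against existing pages before enabling it.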

Event Timeline

One thought is that page moves should be restricted to movement to a page name that would by default have the same content model. So, it'd be OK to rename foo.js to bar.js or foo.css to bar.css but not foo.js to bar.css(?)

> One thought is that page moves should be restricted to movement to a page name that would by default have the same content model. So, it'd be OK to rename foo.js to bar.js or foo.css to bar.css but not foo.js to bar.css(?)

This can only be done after T85847, since it would make it impossible to have a TemplateStyles page in userspace. (Right now the process is to create it in template space where the default is sanitized-css, and then move it to userspace.) Not sure if it really needs to be disallowed; a warning could be enough.

SD0001 renamed this task from Improve restrictions on changing content models to Improve guardrails on changing content models. Dec 6 2025, 7:06 PM
SD0001 updated the task description.

Another idea would be to restrict each namespace to a single content model. This would require some reshuffling of existing pages, and a handful of new namespaces like:

  • Module_documentation
  • Template_documentation
  • Sitewide_JS
  • Sitewide_CSS
  • User_JS
  • User_CSS

But I think it would make things somewhat tidier, and also futureproof wikis. The present system has grown organically but haphazardly over the years.

But especially if T85847: Grant editcontentmodel right to all logged in users is going to be nixed.