Change Details

MediaWiki allows administrators to customize site behavior by adding custom JavaScript and CSS. This feature implicitly assumes that administrators are trusted users - while this is true for projects such as Wikipedia, it results in problems on shared installs or wiki hosting services, where it is possible to create a new wiki and add malicious site JS that can then be used to take over accounts with global rights that visit the page. At Wikia, a JavaScript review system is provided by MediaWiki extension [[ https://github.com/Wikia/app/tree/dev/extensions/wikia/ContentReview | ContentReview ] which ensures that changes made to site JS are not live for other users until they have been approved by someone with appropriate rights. The goal of this project is to create a prototype that implements the basic functionality of the Wikia ContentReview extension while being compatible with the latest versions of core MediaWiki. Workflow: * Edits made to JavaScript pages have to be submitted for review. * Reviewers may approve or reject submitted edits. * If an edit is approved, the changes will be visible to all users of the site. * Changes made in unsubmitted, pending, and rejected edits do not affect users of the site.

MediaWiki allows administrators to customize site behavior by adding custom JavaScript and CSS. This feature implicitly assumes that administrators are trusted users - while this is true for projects such as Wikipedia, it results in problems on shared installs or wiki hosting services, where it is possible to create a new wiki and add malicious site JS that can then be used to take over accounts with global rights that visit the page. At Wikia, a JavaScript review system is provided by MediaWiki extension [[ https://github.com/Wikia/app/tree/dev/extensions/wikia/ContentReview | ContentReview ]] which ensures that changes made to site JS are not live for other users until they have been approved by someone with appropriate rights. The goal of this project is to create a prototype that implements the basic functionality of the Wikia ContentReview extension while being compatible with the latest versions of core MediaWiki. Workflow: * Edits made to JavaScript pages have to be submitted for review. * Reviewers may approve or reject submitted edits. * If an edit is approved, the changes will be visible to all users of the site. * Changes made in unsubmitted, pending, and rejected edits do not affect users of the site.

MediaWiki allows administrators to customize site behavior by adding custom JavaScript and CSS. This feature implicitly assumes that administrators are trusted users - while this is true for projects such as Wikipedia, it results in problems on shared installs or wiki hosting services, where it is possible to create a new wiki and add malicious site JS that can then be used to take over accounts with global rights that visit the page. At Wikia, a JavaScript review system is provided by MediaWiki extension [[ https://github.com/Wikia/app/tree/dev/extensions/wikia/ContentReview | ContentReview ]] which ensures that changes made to site JS are not live for other users until they have been approved by someone with appropriate rights. The goal of this project is to create a prototype that implements the basic functionality of the Wikia ContentReview extension while being compatible with the latest versions of core MediaWiki. Workflow: * Edits made to JavaScript pages have to be submitted for review. * Reviewers may approve or reject submitted edits. * If an edit is approved, the changes will be visible to all users of the site. * Changes made in unsubmitted, pending, and rejected edits do not affect users of the site.