Extension:Graph/Plans

This page is a place for WMF staff and volunteers to gather the information needed for the WMF to decide the role it will play in ensuring the needs the Graph Extension emerged to serve continue being met.

Decisions to be made
The Open questions listed below are meant to surface the information the WMF will need to make the following decisions:


 * 1) What needs will any proposed path forward need to meet?
 * 2) What role will the WMF play in ensuring these needs are met?

Open questions
In order to make the Decisions to be made above, we think we need to answer the list questions below. We anticipate this list evolving over time as new information emerges.


 * 1) Who are the people (e.g. WMF teams, volunteers, WikiProjects, etc.) that depended on the Graph Extension? In what way(s) had people been using the Graph Extension?
 * 2) A (old, but I doubt much has changed) analysis of this is at User:Bawolff/Reflections on graphs
 * 3) Volunteers
 * 4) Generate infographics to present data to readers in a variety of forms. E.g. bar chats, stacked graphs, pie charts, scatter plots, timelines, histograms, geographic maps.
 * 5) See Category:Pages with disabled graphs for the range of pages/contexts where the Graph Extension was used
 * 6) Generate graphs on talk pages to show article   and user page views over time.
 * 7) Use the Graph extension to generate maps with more features than the Kartographer extension provides.
 * 8) Generate page view graphs on ?action=info as part of Extension:PageViewInfo
 * 9) Generate Interactive COVID-19 maps
 * 10) What is no longer possible as a result of the Graph Extension being disabled? Asked another way: what capabilities did the Graph Extension provide for which you have not yet found a viable workaround?
 * 11) What did you notice yourself (and other people) using the Graph Extension to do that you hadn't been doing before?
 * 12) Ahecht: Treating charts as collaborative content equivalent to the rest of a Wikipedia article. Editors are reluctant to tweak a chart when it requires downloading the source data, recreating a similar chart from scratch in external software, converting it to an image, and uploading it over another editor's image, and therefore each chart would only be edited by it's initial creator.
 * 13) What – if anything – did the Graph Extension make it easier/more convenient to do? If you can, please describe what each "task" you used the Graph Extension for looked like before and after it existed.
 * 14) RobinLeicester As with the charts, improving/adding to an annotated map, either your own or someone elses, became much more like proper wikipedia editing, compared to uploading a 'finished' item to commons. With such limited options within maplink, external graphics programs would have to be used and the result is then fossilised on the page, or never attempted in the first place. Also, placing annotations using 'coords', on a reliable base map, makes them more verifiable and correctable.
 * 15) What workarounds have you developed and/or seen other volunteers develop in the time between now and when the Graph Extension was disabled?
 * 16) 86.122.161.172: Nothing, there are just too many pages and there was too much effort involved in developing the existing graphs to replicate at once on smaller wikis. I really hope that if another solution is provided, an automatic converter will also exist.
 * 17) What tools (on- and off-wiki)/templates/gadgets/etc. are you currently using to create data visualizations for Wikipedia?
 * 18) Why do you think it is or is not strategically important for the Wikimedia Movement to offer on-wiki tools for storing, editing, and visualizing data?
 * 19) What requests (e.g. wishes) have volunteers made over time to improve support for storing and representing/visualizing data on-wiki?
 * 20) T195627: Support Vega 3.0 in Graphoid
 * 21) T195628: Support Vega Lite 2.0 in Graphoid
 * 22) T100444: Graph localization support
 * 23) T165118: Support Vega 5.0+
 * 24) meta:Improve graphs and interactive content
 * 25) What – if anything – could be done to safely reenable the Graph Extension?
 * 26) Some proposals have included (These may or may not be sufficient and different people have different opinions)
 * 27) T222807 - Use browser based iframe sandboxing
 * 28) Render server side (or render client side with some sanitization layer) to allow static but not interactive graphs
 * 29) T336595 - Make editing graphs be restricted similar to MediaWiki:Common.js
 * 30) Bawolff: The elephant in the room is that graph is a high maintenance extension, even before this, that on the whole is not that widely used and where it is used, it is used mostly in a fairly simple fashion. Given its usage numbers and how it is used, it is unclear that further investment is worth it.
 * 31) Bawolff: It was pointed out on phab that vega has not fixed the underlying security issue despite presumably having been aware of it for a while now. In order to be deployed again we would want both the known security issue fixed and some assurance there won't be more or have some sandboxing to lower the impact of any currently unknown issues. If Vega is not fixing it in a timely fashion, WMF could perhaps contribute fixes themselves, but being required to take that on is a very large red flag for the overall security of the library.
 * 32) Of the pages that display graphs/infographics, what proportion of them depended on the Graph Extension?





Background
On April 19, 2023 it was identified that the Graph extension, which uses the older Vega 1 & Vega 2 libraries, had a number of security vulnerabilities.

In the interest of the security of the people who use Wikipedia, the Graph extension was disabled on all Wikimedia wikis.