Topic on Talk:Outreach programs/Possible projects

Qgil-WMF (talkcontribs)

Considering the proposal to Improve Extension:CSS for Summer_of_Code_2013#Project_ideas... Could we have a reasoning of what needs would this solve in real projects out there? The idea sounds interesting and it is good to see a mentor backing the proposal. The proposal would gain strength if it would be clearer what are the specific problems or limitation MediaWiki sites are facing that would be solved with this project. I get the idea that now they can't use full CSS to style a single page. The question is though who wants to do this and why.

I can see somehow that better per-page CSS capabilities might help building visually attractive wiki pages and follows the line of giving more power to editors as we are doing with templates and gadgets. Still, more feedback from other developers and maintaners would be welcome.

Also more information about the mentor and his involvement in the MediaWiki / Wikimedia community would be welcome. There is not much said in the user profile(s) and I lack more background.

Thank you!

This post was posted by Qgil-WMF, but signed as Qgil.

GICodeWarrior (talkcontribs)

Thanks for the feedback Qgil.

My primary interest in Extension:CSS is for wiki installations with trusted users. Often these are private/internal wikis or CMS type configurations. In these cases, I have found it beneficial to give editors more control over formatting. Often times there are one-off tables or portal pages where editors want to customize the presentation.

One of my goals for WikiFYD is to provide a variety of layout/formatting examples for portal pages, tables and other complex information. The CSS for each example would be included so anyone (with the extension) can easily use them.

Does that help?

I have also updated my user page with some relevant information.

Qgil-WMF (talkcontribs)

Could those "trusted users" be defined group permissions like e.g. the editors group here?

This post was posted by Qgil-WMF, but signed as Qgil.

GICodeWarrior (talkcontribs)

It would be difficult, wouldn't it? How do you (cleanly) prevent non-privileged users from adding/editing CSS rules in an otherwise editable article?

Qgil-WMF (talkcontribs)

Ah, yes. Just for the sake of discussion:  :) what about having an edit submission check or a bot looking at new edits to detect CSS code. Whenever a page gets new or edited CSS code then Extension:FlaggedRevs would set that page for review by a CSScops user group. You could decide whether to show the last version of the page or not, and to which users. I'm no security expert but maybe you could activate FlaggedRevs only with specific CSS code regex instead of just anything.

Anyway, I'm digressing. I just want to make sure we don't support a project for GSOC that later on someone says that brings security holes to a MediaWiki installation.

This post was posted by Qgil-WMF, but signed as Qgil.

GICodeWarrior (talkcontribs)

The proposal is to implement whitelisting. Whitelisting is a more powerful security feature than a regex or moderator review.

What gives you the impression that these improvements bring "security holes to a MediaWiki installation"?

Qgil-WMF (talkcontribs)
Reply to "Improve Extension:CSS"