Forum:Javascript restrictions

http://trac.wikia-code.com/browser/wikia/trunk/extensions/wikia/ProtectSiteJS/ProtectSiteJS_setup.php?rev=44708


 * "Extension to prevent edits to articles named *.js by people not in staff group"

That says it all. I'd like to hear an explanation. 1358 (Talk)  15:47, November 9, 2011 (UTC)


 * I would presume that is not going to be compulsory, or even enabled anywhere except some rare cases. There's plenty of extensions that are enabled by request. Of course, I also would like to know how it really is. (: –Tm_T (Talk) 15:54, November 9, 2011 (UTC)


 * Protectsite is a VSTF/Staff tool. It's only used in extreme cases of vandalism, and can't be done for more than two days, if I remember correctly.
 * Some wikis such as w:c:starwars have it and max time is 12 hours. 1358  (Talk)  16:19, November 9, 2011 (UTC)
 * His max time for admins is 12 hours, for staff/helpers/vstf is unlimited. 17:10, November 9, 2011 (UTC)

(Resetting indent) Hey XD - good eye! This is a simple case of us adding security measures to both protect our community and our site. We haven't turned this on, but wanted to make sure it's in place in the event we need to respond to nefarious events. Jen Burton (help forum | blog) 17:41, November 9, 2011 (UTC)
 * So it's not anything enabled by default, but in emergencies? 1358  (Talk)  18:57, November 9, 2011 (UTC)
 * Exactly. Jen Burton (help forum | blog) 19:15, November 9, 2011 (UTC)


 * Jen, would you mind elaborating a little more? I can't think of any situation that would require restricting access to js pages. So the need for this confuses me. Have any examples as to when this would be used?--


 * Let's start including extra JS files not ending in ".js" -Ciencia Al Poder (talk) -WikiDex 22:00, November 9, 2011 (UTC)


 * Hey Godisme, this code would help us in the event we needed to quickly shut down all custom .js should we discover that there has been an attack and we need to investigate, repair, and restore. Preventing edits and uploads during this time would be very important for security.


 * Ciencia, I'm sure you're not encouraging people to violate our Terms of Use, right? Jen Burton (help forum | blog) 23:32, November 9, 2011 (UTC)


 * Jen, if you are sure, why ask it as a question? I definitely found your response not truly sincere since you seem to be suddenly worried that this system may be circumvented by people that use JS for improving the user experience and fixing Wikia bugs that Wikia company doesn't care about to fix in a reasonable time/at all, asking to me particularly. --Ciencia Al Poder (talk) -WikiDex 23:59, November 9, 2011 (UTC)


 * Since this may never get enabled it is far less of a threat than Oversight. However, some clear scenarios that might be used to justify it being enabled would help. -- Fandyllic (talk · contr) 11 Nov 2011 2:55 PM Pacific


 * Site-wide .js files are located in the MediaWiki: namespace, and as such are protected from non-admin edits already. Personal .js files are located in the User: namespace, and are protected, too: trying to edit the global.js of another user, I get the warning "You do not have permission to edit this page, because it contains another user's personal settings.". Edits of a user to his own .js can't ever be a "nefarious event", because it only affects himself. What remains are admin-edits to MediaWiki:Common.js or similar - so, basically, this "security measure" is meant to protect whatever community from its own admins. I guess I have a good theory about the circumstances that will lead to "JS Protection"... -- Cid Highwind 18:22, November 13, 2011 (UTC)


 * Please don't try to limit too much the wiki customization... there is already a strict ToU so if you think some code are a ToU just talk it out with the local admins since they are the only ones who can edit the global JS. I don't think we can hack Wikia with a simple JS... and I have yet to see an admin vandal, and in a case like that, simply demoting the admin is enough. If you want to temporarily "disable" custom JS, blanking out the Common.js is enough too, so I'm also puzzled on the utility of that code.
 * As Jen's said, that's not the aim of the extension, the aim is - if there was an exploit - to be able to quickly disable edits until it's fixed --  Random Time  18:57, November 13, 2011 (UTC)