Board Thread:General Discussion/@comment--20150814190019

Hello Wikia.

I would like to provide some updates about the weekend security actions and some clarity about what changes Wikia will be making around customizations in the near and long-term.

First and foremost, here’s where we stand today. The MediaWiki namespace was locked down starting Monday so that only staff can edit. We have begun to ease these restrictions by opening editing of the MediaWiki namespace back to admins on the communities that use those pages the most. Editing on the most used MediaWiki pages - Common.css, Wikia.css, Monobook.css, Wiki-navigation, and Community-corner - is open to all admins. For now, editing of *.js pages specifically will continue to be restricted to staff only, but we also anticipate removing these edit restrictions for some community admins next week, along with allowing users to edit their own personal JS. We will continue to examine and scale these abilities out over the next few weeks.

Now for some words on how Wikia plans to move forward.

With regards to JavaScript, Wikia is looking to move towards a code review system that will hopefully improve collaboration between communities and make the reuse of code a simple task. Admins will be able to write JS and submit it for review. Then a group will review code changes to ensure they are both secure and don’t include any major breaking changes. Changes will not go live until they do. There is also the vision of a code library as part of this change, in which admins can easily import bits of common, pre-approved code so they don’t have to write it out locally. This is something we are definitely aiming to do before the end of the year and currently we are targeting early autumn for the first tests and beta versions.

With regards to the Verbatim extension, we are currently running analytics to determine the most common use cases of the tool as it stands today. The goal is to ultimately turn these big needs from being used in the catch-all solution of Verbatim to a more secure, structured, and built-out tool. A great example of this is Twitter feed integration into a community. An in-house tool to embed these feeds should be a lot simpler than the current Verbatim method.

Once we have firmer dates and products to demonstrate, we will share more on the Staff Blog. Thanks again to the community for your continued patience as we work towards ensuring a safer environment for you all, while retaining the work you’ve done to make your communities as awesome as they are today.

Edit 1: Posted this response to widely address some concerns and follow up questions raised in the replies.  