Board Thread:General Discussion/@comment-27103088-20151021150257

This new JS reviewing process that's being worked on sounds awful to me, mostly because it's a slow process that depends on real people monitoring the code of dozens of wikis. Most of the people here are going to be importing code from trusted sources such as the Dev Wikia; such a painful process is too much for adding minor enhancements.

I can understand why the process is being implemented, as JS can be and has been exploited to steal user information. However, I believe there are better ways to deal with this other than restricting everyone's use of JS.

For example, code could easily be parsed at publish-time to detect any changes to DOM objects. Any modification, creation or deletion of form objects or their children should be flagged and reported automatically to staff so they can review the potentially malicious code. It should also be possible to implicitly wrap all DOM references in a function that will check if the object is safe to manipulate, and if it isn't, the code should stop running and also be reported automatically to staff.

I believe these measures would be enough to prevent security exploits through JavaScript, while not forcing this invasive review process onto legitimate wiki admins who want to add some neat animations on their pages. 
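
The publish-time flagging proposed in the post above, sketched as an added example that is not part of the original comment: a line-by-line pattern scan that reports form-related DOM access so staff can review it. The rule names, patterns and both sample snippets are constructed assumptions, not anything the wiki platform is known to run.

```javascript
// Heuristic publish-time scan: flag lines of submitted site JS that create,
// select or hook form elements. All rule ids and patterns are illustrative.
const FORM_TAGS = ['form', 'input', 'textarea', 'select', 'button'];
const tagAlt = FORM_TAGS.join('|');

const RULES = [
  { id: 'create-form-element',
    re: new RegExp(`createElement\\(\\s*['"](${tagAlt})['"]`, 'i') },
  { id: 'select-form-element',
    re: new RegExp(`(querySelector(All)?|getElementsByTagName)\\(\\s*['"][^'"]*\\b(${tagAlt})\\b`, 'i') },
  { id: 'jquery-form-selector',
    re: new RegExp(`\\$\\(\\s*['"][^'"]*\\b(${tagAlt})\\b`, 'i') },
  { id: 'document-forms', re: /document\.forms\b/ },
  { id: 'form-submit-hook',
    re: /\.(onsubmit|action)\s*=|addEventListener\(\s*['"]submit['"]/ },
];

// Returns one finding per (line, rule) match so a reviewer sees every reason
// a line was flagged. Comments are scanned too, which errs toward reporting.
function scanScript(source) {
  const findings = [];
  source.split('\n').forEach((text, i) => {
    for (const rule of RULES) {
      if (rule.re.test(text)) {
        findings.push({ line: i + 1, rule: rule.id, text: text.trim() });
      }
    }
  });
  return findings;
}

// Constructed sample: a cosmetic animation that never touches a form.
const ANIMATION_SNIPPET = [
  "const banner = document.querySelector('.site-banner');",
  "banner.classList.add('fade-in');",
  "setTimeout(() => banner.classList.remove('fade-in'), 2000);",
].join('\n');

// Constructed sample: code that adds a field to a form and hooks submit.
const FORM_SNIPPET = [
  "const field = document.createElement('input');",
  "field.type = 'hidden';",
  "document.forms[0].appendChild(field);",
  "document.querySelector('#edit form').addEventListener('submit', saveDraft);",
].join('\n');

console.log(scanScript(ANIMATION_SNIPPET).length, 'findings in animation code');
console.log(scanScript(FORM_SNIPPET));
```

A scan like this only sees literal calls and selectors, so it works as a triage queue for reviewers and pairs with the runtime wrapper the post also suggests.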