Board Thread:New Features/@comment-26339491-20191016152503/@comment-27345308-20191017214650

Andrewds1021 wrote: I am sorry to hear that it burns your eyes. To be frank though, you really can't expect other users to go around checking everyone else's personal CSS/JS to make sure their choice of colors workd for everyone. I wasn't particularly serious, just noting that sometimes not making color choices is better than making them.

Andrewds1021 wrote: Thanks particularly for the info on HTML. If it is for security reasons, then I guess there isn't much that can be done. That being said, it sounds like the whiltelist for Discussions is a subset of that for MediaWiki. Do you know why some tags are not secure in Discussions even though they are on the wiki? If they are secure but just not whitelisted, then I think they should be whitelisted. I think it would help if the Discussions whitelist was as close to the MediaWiki whitelist as safely possible. If I was (and when I was) building my own HTML whitelist I would intend to be as strict as possible, and only include tags that I intend users to enter as a part of the user interface. It is a good security practice to give everybody as little permissions as possible, and while new HTML tags/attributes aren't necessarily "permissions", it certainly sounds hacky if there are whitelisted HTML tags that aren't supported by the user interface.

That said, the whitelist MediaWiki applies is on tags allowed in wikitext: extensions could still register their hooks that return HTML that otherwise couldn't be injected via wikitext, and if you wanted a fully functioning editor for old Forum posts the Discussions HTML whitelist would have to include all (or most) tags generated by Fandom's MediaWiki extensions, which is way bigger than MediaWiki's HTML whitelist in wikitext. For example:
 * links, let alone the lazyloading system, use  and.
 * If used on audio files, they also insert inline JavaScript in  attributes.
 * tag injects a  tag in the rendered HTML.
 * Integration tags like,   and   insert iframe elements into the DOM which are certainly something users should not be able to insert easily into pages.

Andrewds1021 wrote: Regarding images, I assume that even though they are on the same host, they are in different directories, yes? Otherwise, I don't see why it would make sense to have two otherwise separate systems store images in the same place. If I am understanding correctly, to use an image both in Discussions and on the wiki, you have to upload it twice; once with each method? That seems like creating the potential for a lot of duplicate files. "directories" is an oversimplification with the huge cloud services Fandom uses for their file storage (Google Cloud Storage, among others probably?) and with how these files have to go through both Vignette and Fastly before being served to users, but yes, they are most likely stored pretty separately. Yes, to use an image in both places (with a proper image embed and not just relying on link embeds embedding the file you need) you'll have to upload it in both places. I don't think files duplicated in Discussions are an issue at all, though: you don't see a list of them, you can't reupload them, non-Staff can't delete them (aside from removing them from posts, I believe?) from the servers and there is generally no maintenance you, as a user, need to do on these files. When compared:
 * Regular image URL:
 * suggests the file is used by MediaWiki instances, considering how this is how file paths are generated in vanilla MediaWiki too. A default installation of MediaWiki stores images in an  folder on the server that hosts the wiki, f is the first letter of the MD5 hash of the file's name (in this case  ) and fe are the first two letters of it, see mw:Manual:$wgHashedUploadDirectory.
 * It is often served with Vignette paths, as well with  (this is a MediaWiki thing for linking to older file revisions).
 * Discussions image URL:
 * This is the same "host" used for avatars. In fact, with Discussions API you can embed people's avatars into Discussions posts (thought they won't update).
 * It allows for Vignette URL paths like usual URLs: https://static.wikia.nocookie.net/483ec4f2-4580-4c62-ab0c-794ebaf41a0d/scale-to-width-down/16
 * The most important difference seems to be that you can't tell where the image was uploaded only based on its URL.
 * I will be able to provide information about the image whitelist on Discussions at a later date.

Mira Laime wrote: Also - re: What happened with the Yellow Undertale Wiki: I can see in our records that Discussions was enabled there in December last year, after the Forums had already been disabled in May 2017. This isn't unusual: We've had plenty of communities (some that did and some that did not have Forums) request that we enable Discussions. The log doesn't show who exactly requested that Discussions be enabled there. Fandom's old support system where that request would have been recorded is now gone, so, sadly, I can't solve the mystery of who asked for this. It doesn't look like a situation where staff just enabled Discussions without anyone's consent, since this is a smaller wiki, not featured in the Fandom app, and the staff member who did it is someone who would only make such a change upon an admin's request. I was the only active admin on the wiki at the time you mentioned. The wiki's founder came back from the dead really recently after being gone since 2016, and the other administrator there, Cheeseskates, has been promoted in February this year. Fandom's "old support system", as Sophiedp mentioned, isn't really gone - all support tickets have been migrated to the new one. For example, here is the my request about disabling Forum and not migrating to Discussions on that wiki in May 2017. I cannot remember making a request to enable Discussions at that time (especially since I was busy with many other things), but I can investigate further to see if somebody from related wikis knows more about it. I'm glad to hear you don't generally intend to force wikis without Forum enabled into using Discussions.