XZise added a subscriber: XZise.
XZise added a comment.
One main problem here is how to determine if a token name like //edit// is actually a
//csrf// token. We could do it similar to the current implementation that we have a static
set which contains all tokens which are mapped to the //csrf// token. As this is about
past tokens, this set won't change (unless other tokens at a later point are mapped to
a //csrf// token). One problem there is that it doesn't detect if tokens by extensions
are mapped now to the //csrf// token.
Another suggestion was to look in the paraminfo for `prop=info` and compare that list
(which does contain all token names except the //csrf// token, but those mapped to
//csrf//) to the new `meta=tokens` paraminfo. Problem there is, that `intoken` is
deprecated so at some point this will break.
TASK DETAIL
https://phabricator.wikimedia.org/T85725
REPLY HANDLER ACTIONS
Reply to comment or attach files, or !close, !claim, !unsubscribe or !assign
<username>.
EMAIL PREFERENCES
https://phabricator.wikimedia.org/settings/panel/emailpreferences/
To: XZise
Cc: Aklapper, jayvdb, Omegat, XZise, pywikipedia-bugs