On 4 September 2012 12:16, Yury Katkov <katkov.juriy(a)gmail.com> wrote:
Maybe the widgets on the website should have security
verification
badges? On the pages of secured widgets the badge would say that it's
safe to use them. As far as I know the Widgets extension designed
specially to create safe alternative to 'plain-old insertion of raw
html and javascript to wikipages'.
The essential problem is that people can't get stuff through the
gatekeepers, so they come up with a workaround. Noting that the
workaround is insecure and saying "just don't do that" doesn't solve
the original need and won't help security. It's not clear to me what
will, but the gatekeeping is an obvious start.
- d.