On 4 September 2012 12:16, Yury Katkov katkov.juriy@gmail.com wrote:
Maybe the widgets on the website should have security verification badges? On the pages of secured widgets the badge would say that it's safe to use them. As far as I know the Widgets extension designed specially to create safe alternative to 'plain-old insertion of raw html and javascript to wikipages'.
The essential problem is that people can't get stuff through the gatekeepers, so they come up with a workaround. Noting that the workaround is insecure and saying "just don't do that" doesn't solve the original need and won't help security. It's not clear to me what will, but the gatekeeping is an obvious start.
- d.