Hey,
The essential problem is that people can't get stuff through the
gatekeepers, so they come up with a workaround. Noting
that the
workaround is insecure and saying "just don't do that" doesn't solve
the original need and won't help security. It's not clear to me what
will, but the gatekeeping is an obvious start.
I don't think this extension really affects this. It is the same as having
widgets implemented as extensions in that:
* They can only be enabled by administrative people
* They can be obtained from verified sources or from non-trusted ones
Widgets are inferior in that:
* An attacker compromising an admin account can put in arbitrary JS code
Widgets are superior in that:
* They cannot create PHP vulnerabilities
* Changes can be kept track of on-wiki
* The source is clearly visible to wiki users, increasing the scrutiny of
the code
* They are easier to deploy for most people
* They encourage more collaboration compared to the tons of low qualify and
unmaintained single widget extensions
It seems to me that this extension does not lose on security compared to
regular extensions at all, and that it offers quite a few benefits for the
kind of functionality it is intended to be used for.
The problem with creating a new system that has no gatekeepers
is that it encourages people who have no business
writing code to
end up doing so.
This system has as much gatekeeping as regular extensions do. I think
several people are making assumptions here without having had a decent look
at the extension.
Cheers
--
Jeroen De Dauw
http://www.bn2vs.com
Don't panic. Don't be evil.
--