Hey,
The essential problem is that people can't get stuff through the
gatekeepers, so they come up with a workaround. Noting that the workaround is insecure and saying "just don't do that" doesn't solve the original need and won't help security. It's not clear to me what will, but the gatekeeping is an obvious start.
I don't think this extension really affects this. It is the same as having widgets implemented as extensions in that:
* They can only be enabled by administrative people * They can be obtained from verified sources or from non-trusted ones
Widgets are inferior in that:
* An attacker compromising an admin account can put in arbitrary JS code
Widgets are superior in that:
* They cannot create PHP vulnerabilities * Changes can be kept track of on-wiki * The source is clearly visible to wiki users, increasing the scrutiny of the code * They are easier to deploy for most people * They encourage more collaboration compared to the tons of low qualify and unmaintained single widget extensions
It seems to me that this extension does not lose on security compared to regular extensions at all, and that it offers quite a few benefits for the kind of functionality it is intended to be used for.
The problem with creating a new system that has no gatekeepers
is that it encourages people who have no business writing code to end up doing so.
This system has as much gatekeeping as regular extensions do. I think several people are making assumptions here without having had a decent look at the extension.
Cheers
-- Jeroen De Dauw http://www.bn2vs.com Don't panic. Don't be evil. --