TL;DR: who's testing out the non-Knockout approaches?
Much thanks to everyone who corrected & enlightened me! I was especially
grateful to Chris Steipp's explanation:
When looking at a typical web page, you need several
escaping strategies.
OWASP roughly groups them into html body, plain attributes, URL context,
Javascript context, CSS context. My point was that you need several
MakeWhateverSafe functions, and have to use them in the right context.
and Peter Kaminski's reminder of the "separation of concerns" concept,
and C. Scott's explanation of how we could balance usability for human
editors against easy integration with VE and executability
http://www.gossamer-threads.com/lists/wiki/wikitech/445152#445152 .
Thanks also to Nuria Ruiz and others for the corrections on security stuff!
Now that we know the mobile team is checking out the KnockoutJS idea in
late April and reporting back to the list in late April/early May, I'm
wondering about something C. Scott said:
On 04/01/2014 07:11 PM, C. Scott Ananian wrote:
I think there's some room to experiment with
various options as
extensions, in beta, etc. The "pick something" stage is going to have
to weigh a lot of competing objectives -- for UI building, for content
templates, for scripting, visual editor support, etc. I don't see us
getting to the "pick something" stage until a number of different
implementations have been prototyped in different contexts.
--scott
That makes sense. So who is testing out/reporting about the other
approaches or implementations? To repeat my question from March 18th:
oojs -
https://www.mediawiki.org/wiki/OOjs_UI -- could use this
toolkit with one of the other template approaches, or maybe this is
enough by itself! Currently used inside VisualEditor and I am not sure
whether any other MediaWiki extensions or teams are using it? Should we
try using this in another team?
--
Sumana Harihareswara
Senior Technical Writer
Wikimedia Foundation