Bryan Derksen wrote:
Brion Vibber wrote:
Magnus Manske wrote:
The first one you know, the validation feature, in its current
incarnation. It has already been pre-field-tested by some people from
the German wikipedia.
This is still going to need rewriting before we can safely use it.
What's wrong with it, and how much work do you think needs to be done?
Lots of missing input validation and missing output escaping. There were still
several cross-site scripting injection points when I last lost count.
(A cross-site scripting vulnerability could be used to take over an admin's
account if you can trick them into visiting a link while logged in on the wiki.
From there you could add malicious JavaScript code which will be shown to every
other visitor, potentially hijacking many more accounts, as well as performing
any action on the wiki: deleting, renaming, undeleting pages, etc. You could
also try triggering browser vulnerabilities to take over the computers of any
visitors using unpatched older browsers.)
Going over it with a fine-toothed comb looking for the bugs is tedious and
error-prone; there's lots of raw HTML output (very easy to make mistakes) and
the source and type of input data is hard to track. My inclination is to rip it
out and rewrite it as a clean extension with clearer data paths (I recommended
that Magnus write it as an extension when he started). It's probably not more
than a couple days' work, really, modulo other distractions.
Article version rating/validation/moderation/whatever is my number one
anticipated feature, and I've been responding to various people's
criticisms of Wikipedia's "trustworthiness" with the suggestion that
we'll be implementing something along these lines Real Soon Now for what
feels like years.
Well, this feature won't do much of anything about trustworthiness. A review
team marking stable revisions, and proper visible disclaimers on unstable
development drafts, might.
-- brion vibber (brion @ pobox.com)
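
The pattern discussed in the message above (raw HTML output fed by input whose source and type are hard to track) next to a version that validates once at the boundary and escapes at output. This is an added example, not part of the original thread and not MediaWiki code; the function names, request fields and topic list are hypothetical, and the request data is constructed.

```php
<?php
// Hypothetical rating form handler, written for illustration only.

// Raw HTML by concatenation: each interpolated value is an injection point,
// and nothing records whether it was ever validated.
function renderRatingRowRaw(array $req): string {
    return '<tr><td>' . $req['topic'] . '</td><td>' . $req['rating']
         . '</td><td>' . $req['comment'] . '</td></tr>';
}

// Validate once at the boundary; later code only sees typed, checked values.
function readRatingInput(array $req): array {
    $topics = ['style', 'accuracy', 'completeness']; // assumed allowlist
    $topic = $req['topic'] ?? '';
    if (!is_string($topic) || !in_array($topic, $topics, true)) {
        throw new InvalidArgumentException('unknown topic');
    }
    $rating = filter_var($req['rating'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 5]]);
    if ($rating === false) {
        throw new InvalidArgumentException('rating must be an integer from 1 to 5');
    }
    $comment = $req['comment'] ?? '';
    if (!is_string($comment) || strlen($comment) > 255) {
        throw new InvalidArgumentException('comment must be a string of at most 255 bytes');
    }
    return ['topic' => $topic, 'rating' => $rating, 'comment' => $comment];
}

// Single output path: attribute values and text are always escaped here,
// so callers never assemble markup by hand.
function element(string $tag, array $attrs, string $text): string {
    $out = '<' . $tag;
    foreach ($attrs as $name => $value) {
        $out .= ' ' . $name . '="' . htmlspecialchars((string)$value, ENT_QUOTES, 'UTF-8') . '"';
    }
    return $out . '>' . htmlspecialchars($text, ENT_QUOTES, 'UTF-8') . '</' . $tag . '>';
}

function renderRatingRow(array $in): string {
    return '<tr>' . element('td', ['class' => 'topic'], $in['topic'])
         . element('td', ['class' => 'rating'], (string)$in['rating'])
         . element('td', ['class' => 'comment'], $in['comment']) . '</tr>';
}

// Constructed request: the comment field carries markup.
$req = ['topic' => 'accuracy', 'rating' => '4', 'comment' => '<script>alert(1)</script>'];
echo renderRatingRowRaw($req), "\n";                 // markup reaches the page unescaped
echo renderRatingRow(readRatingInput($req)), "\n";   // markup is rendered as inert text
```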