Page MenuHomeMiraheze

Extension Re-review Request: EmbedVideo
Open, NormalPublic

Description

MediaWiki Link: https://www.mediawiki.org/wiki/Extension:EmbedVideo
Gitlab Repo: https://gitlab.com/hydrawiki/extensions/EmbedVideo


This extension was previously removed in late 2016 and is now a declined extension due to security reasons. I'm not familiar with the security reasons for it being rejected, but since the extension is actively maintained, I thought maybe the extension may have changed since then. Because of this, I'd like to request a re-review to see if the security concerns are still applicable to the current version of Extension:EmbedVideo.

Reason for Requesting
Currently, outside just using a Widget iframe, Miraheze offers Extension:YouTube for embedding videos from video sharing services. Per T5535, there was discussion about potentially enabling the other video services supported by Extension:YouTube, which were previously commented out in the Miraheze-forked version of the extension. After reviewing though, it seems like most of the video services supported by Extension:YouTube either don't work or are dead, and while it's not an ask, I figured maybe an alternative extension could be looked for.

Extension:EmbedVideo has larger video service support (24+ services) and is also actively maintained in keeping that support working and up-to-date (Last update a month ago). It seems to be a relatively common extension requested as well, so if the security concerns have been remedied, then I believe the extension would be a boon for editors looking for additional embedded video support without needing to go the Widget route.

Thank you for your time!

Event Timeline

Elaeagnifolia created this task.
AmandaCath added subscribers: Southparkfan, AmandaCath.

I could be wrong about this, but I think that the reason why the extension was declined was not that it was unmaintained, but rather because it inserts raw HTML code into wiki pages. This can and is a security risk if it is not managed and regulated properly - in theory someone could, in this case, embed a video where the video itself is malicious and/or the video contains something malicious within it, which would therefore inject the malicious content into the wiki and potentially Miraheze globally. While the chances of this happening are rare, if I understand it correctly Miraheze just doesn't like to take any unnecessary chances when it comes to security (CC @Southparkfan for further clarification/corrections).

Give me a few days to think about it.

Would Extension:Video be sufficient for you? I have just completed and approved that review so if so then it will be enabled with the 1.35 upgrade.

Looks promising. You should be aware, that, all downloaded videos would increase occupation of miraheze storage. Right ?
It is in beta yet, so are you confident with that ?

Looks promising. You should be aware, that, all downloaded videos would increase occupation of miraheze storage. Right ?
It is in beta yet, so are you confident with that ?

No, videos won't increase occupation of Miraheze storage as they are stored as wikitext embeds. It is alright to be approved if it is in beta, yes.

The Videos extension has been installed. If that is good enough for you then please let me know!

Reception123 added a subscriber: Reception123.

No response in three weeks. If this is still needed please feel free to reopen this task and answer @Universal_Omega

K599 added a subscriber: K599.

Reopening as Universal Omega seemed to be responding to Helper, who is not the original requester.

When I originally asked if Video would be sufficient I was speaking to the original requester who did not reply, therefore re-closing this.

Thanks for the clarification. Having looked at the documentation, I'd like to also request EmbedVideo. EmbedVideo has some additional features that neither the YouTube nor Video extensions seem to have, including support for more video services and being able to use URL arguments, so I don't think Video would be sufficient.