This is the extension I want enabled: https://www.mediawiki.org/wiki/Extension:Commentbox
Description
Related Objects
Event Timeline
@HopelessNightOwl Hi. Would you be willing to consider an extension we already have installed: https://www.mediawiki.org/wiki/Extension:Comments ?
This extension is not submitting wpUnicodeCheck and therefore all attempts to save comments using it will fail. Also, it is adding an edit token after the comment form has been submitted rather than adding it inside a hidden element in the form beforehand. And the extension has not had real updates without dependency or localisation updates in months. As such, I am not very confident about this extension.
https://phabricator.wikimedia.org/T270767 needs to be evaluated for possible risk first
Declining for now based on the above and the issues raised upstream. The code gives me serious concerns about how it's written given what I've seen.
Reopening since the upstream task has been resolved and the extension is working once again.
@Samwilson, since you sent some patches for this extension including the above mentioned task, I was wondering if you could share your opinion regarding this part.
It's still declined for now, if the extension is improved as @Samwilson mentioned above then maybe it can be approved later
Improvements have been merged: https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Commentbox/+/654567
At first glance, this is a low risk extension. It even rejects external links since there's no support for https://www.mediawiki.org/wiki/Extension:SpamBlacklist. Seems fine to enable, what do you think?
I have no objections following @Samwilson's patch and the explanation of html escaping by Scott
I think it's fine to enable also. After closing this again yesterday I reviewed the code and forgot to re-open and it does look fine to me also now.