Okay I finally locked down the issue, it should be fixed now.
Feb 22 2023
Feb 17 2023
Thanks for the quick actions. I'll look into it next week.
Feb 16 2023
Should be fixed upstream now
Feb 15 2023
Should be fixed upstream now, it is a minor error where the index key wasn't reset after removing the toolbox.
Citizen does use the same hook as well, which makes me wonder if it is an issue with MediaWiki core itself or something else, I'll see what I can do about it.
Jan 27 2023
It seems that there is a conflict between ManageWiki and Citizen that wiped out the whole bar. It affects users with ManageWiki permissions. I'm not entirely sure what caused it though.
Jan 22 2023
Many thanks! Sorry I should have been more clear than it is a Google domain.
Dec 14 2022
It seems that WMF are potentially switching to Opensearch because of licensing issue with Elasticsearch. Maybe this can be revisited when it is looked into upstream, unless someone wants to patch CirrusSearch :S
It seems that CirrusSearch on 1.39 requires Elasticsearch 7.10.2.
Would it be possible to look into enabling it after Miraheze is updated to 1.39 (T9446)?
Nov 25 2022
Jun 21 2022
Thanks for the report! It is now fixed in upstream.
May 31 2022
What's the specific need here, and, given my concern above, is there not a video sharing site the videos could be posted to and we could whitelist that? For example, YouTube, or, failing that, a site like Google Drive (if that is already whitelisted), the The Internet Archive, or similar.
If the end goal is just to get the video player working, you can also consider making a feature request to the EmbedVideo extension. In that way, the CSP is only applied by the extension when needed.
May 17 2022
Alternatively, NativeSvgHandler could be marked as incompatible with the Visual Editor. I'd be perfectly fine with giving up the latter for the earlier anyway.
May 16 2022
May 12 2022
Thanks for the notification.
It seems that the patch was ready a while ago but haven't merged into the master branch yet.
Apr 15 2022
It should be fixed by the PR from @Lens0021 now.
Jan 16 2022
Thanks for letting me know!
Sep 25 2021
While the use case is good, I still want to ensure it's developed to high standard with risks taken into account.
How can we guarntee thats done by the developer?
Reopen for visibility and discussion
Sep 19 2021
I'm leaning on a -1 here, var() is currently banned (awaiting a patch as it's fixed) as it caused a security issue. I'd like to know how the developer determined that it wasn't a security risk when they decided to allow this to enable it.
Jun 27 2021
Jun 23 2021
Jun 22 2021
Thank you for the patch and review :)