Okay I finally locked down the issue, it should be fixed now.

Thanks for the quick actions. I'll look into it next week.

Should be fixed upstream now

Should be fixed upstream now, it is a minor error where the index key wasn't reset after removing the toolbox.

Citizen does use the same hook as well, which makes me wonder if it is an issue with MediaWiki core itself or something else, I'll see what I can do about it.

It seems that there is a conflict between ManageWiki and Citizen that wiped out the whole bar. It affects users with ManageWiki permissions. I'm not entirely sure what caused it though.

Many thanks! Sorry I should have been more clear than it is a Google domain.

It seems that WMF are potentially switching to Opensearch because of licensing issue with Elasticsearch. Maybe this can be revisited when it is looked into upstream, unless someone wants to patch CirrusSearch :S

It seems that CirrusSearch on 1.39 requires Elasticsearch 7.10.2.
Would it be possible to look into enabling it after Miraheze is updated to 1.39 (T9446)?

Thanks for the report! It is now fixed in upstream.

In T9252#187988, @Dmehus wrote:

What's the specific need here, and, given my concern above, is there not a video sharing site the videos could be posted to and we could whitelist that? For example, YouTube, or, failing that, a site like Google Drive (if that is already whitelisted), the The Internet Archive, or similar.

If the end goal is just to get the video player working, you can also consider making a feature request to the EmbedVideo extension. In that way, the CSP is only applied by the extension when needed.

In T9220#187147, @Metalhead339 wrote:

Alternatively, NativeSvgHandler could be marked as incompatible with the Visual Editor. I'd be perfectly fine with giving up the latter for the earlier anyway.

In T9220#186895, @MacFan4000 wrote:

Declined due to T1404

Thanks for the notification.
It seems that the patch was ready a while ago but haven't merged into the master branch yet.

It should be fixed by the PR from @Lens0021 now.
https://github.com/StarCitizenTools/mediawiki-skins-Citizen/pull/440

Thanks for letting me know!

In T8052#162854, @RhinosF1 wrote:

While the use case is good, I still want to ensure it's developed to high standard with risks taken into account.

How can we guarntee thats done by the developer?

Reopen for visibility and discussion

In T8052#162343, @RhinosF1 wrote:

I'm leaning on a -1 here, var() is currently banned (awaiting a patch as it's fixed) as it caused a security issue. I'd like to know how the developer determined that it wasn't a security risk when they decided to allow this to enable it.

Thank you for the patch and review :)