FANDOM


  • Hi there¬†:) I'm aware this could be considered bad form given I'm not planning on adding this script to Dev Wiki (the use-case it serves is a bit specific), but I'd greatly appreciate it if anyone here could offer some feedback on a small script I've written for my home wiki.

    The code is available here. It's enabled on my test wiki, and you should be able to see it in action on the homepage, under the "Writer's Showcase" section. The basic goal is to display a couple of the most recent threads from a specific board in the forums. This display can be shown anywhere on the wiki by adding an element to a page with the forum-showcase class (which can also include data-max-threads and data-board attributes to configure the maximum threads to display and the board from which threads should be shown). If a thread includes the WS template, the script extracts some information about the author of a story being showcased, and a description they've provided for the story, but otherwise it just tries to guess/provides a placeholder.

    My main concern right now is ensuring there's no possibility of XSS via the script that I've missed. The only source of arbitrary input is via the Nirvana/MediaWiki APIs, after user input has already been parsed by them, so I would think it should be okay. However, I'd appreciate a second pair of eyes in case there's something I'm missing. I'm also really interested in any thoughts you guys have about caching strategies, since it seems wasteful to fetch the contents of threads multiple times per page when nothing's changed since the last load. Maybe cache thread contents, re-fetch the thread list on every load & only then fetch thread contents if the list has changed? I'm not sure if this would be compliant with FANDOM's approach to GDPR though.

    Any general feedback would also be very welcome :) Feel free to create threads/test pages on my test wiki if you want to test edge-cases or whatever.

    Thanks very much!

      Loading editor
    • A FANDOM user
        Loading editor
Give Kudos to this message
You've given this message Kudos!
See who gave Kudos to this message