Wikirank/Technical

Wikirank mostly builds on standard MediaWiki features and Wikibase. It will need new MediaWiki extension capable of storing and querying vote data. That's enough for initial version. A number of future improvements and integrations will require additional MediaWiki extensions.

Wikirank will store user's votes in separate storage that is not publicly accessible. But this data still has to be included on the page somehow. How can Wikirank allow arbitrary user-contributed templates to process personalization data (votes) without revealing it? The basic idea is to seal off the whole page with all its resources (templates, Lua scripts, CSS, javascript), so that it can only communicate with the user but not with the outside world. Specifically:

• Disable communication with the outside world in Lua scripts (if it is currently possible).
• Only URLs whitelisted in trusted resources are allowed in final HTML and CSS.
• Only trusted javascript is allowed. Trusted javascript can however create iframe/worker sandbox and run untrusted javascript in it.

The above rules rely on "trusted" resources. Only very few, small resources should need trust. Trusted resources are generally created by code review and multiple signoffs.