{{Header}}

= AI file review JS =

{| class="wikitable"
! Filename !! security flaws !! necessary improvements !! highly suggested improvements !! anchor link
|-
| AddMessageToCopiedText.js || 1 || 1 || 2 || [[#AddMessageToCopiedText.js]]
|-
| BackToTopButton.js || 0 || 1 || 2 || [[#BackToTopButton.js]]
|-
| CodeSelect.js || 1 || 2 || 2 || [[#CodeSelect.js]]
|-
| CodeSelectHighlightList.js || 0 || 1 || 1 || [[#CodeSelectHighlightList.js]]
|-
| CollapsibleGlobalMods.js || 0 || 1 || 1 || [[#CollapsibleGlobalMods.js]]
|-
| CustomScrollbar.js || 0 || 0 || 1 || [[#CustomScrollbar.js]]
|-
| DebugViaUrlModal.js || 1 || 2 || 2 || [[#DebugViaUrlModal.js]]
|-
| DevTools.js || 1 || 1 || 1 || [[#DevTools.js]]
|-
| DiscoverHiddenElements.js || 0 || 1 || 1 || [[#DiscoverHiddenElements.js]]
|-
| Download_Button.js || 1 || 2 || 2 || [[#Download_Button.js]]
|-
| EditorAddNewEditButtons.js || 0 || 0 || 1 || [[#EditorAddNewEditButtons.js]]
|-
| EditorAutoBackup.js || 1 || 2 || 2 || [[#EditorAutoBackup.js]]
|-
| EditorFullscreen.js || 0 || 1 || 1 || [[#EditorFullscreen.js]]
|-
| EditorMultiwikiNotice.js || 0 || 1 || 1 || [[#EditorMultiwikiNotice.js]]
|-
| EditorSaveAndContinue.js || 1 || 2 || 1 || [[#EditorSaveAndContinue.js]]
|-
| EnhanceHeadlines.js || 0 || 1 || 1 || [[#EnhanceHeadlines.js]]
|-
| ExpandOrCollapseAll.js || 0 || 1 || 1 || [[#ExpandOrCollapseAll.js]]
|-
| FlyInNotification.js || 0 || 1 || 1 || [[#FlyInNotification.js]]
|-
| Footer.js || 0 || 0 || 0 || [[#Footer.js]]
|-
| HashController.js || 0 || 1 || 1 || [[#HashController.js]]
|-
| Header.js || 0 || 1 || 1 || [[#Header.js]]
|-
| HomepageSliderInit.js || 0 || 1 || 2 || [[#HomepageSliderInit.js]]
|-
| JsPerformanceTests.js || 1 || 1 || 1 || [[#JsPerformanceTests.js]]
|-
| MiniModal.js || 0 || 1 || 2 || [[#MiniModal.js]]
|-
| MwCombineJsWrapper.js || 0 || 1 || 1 || [[#MwCombineJsWrapper.js]]
|-
| Pages.js || 0 || 1 || 2 || [[#Pages.js]]
|-
| PayViaPaypal.js || 0 || 2 || 2 || [[#PayViaPaypal.js]]
|-
| ScrollAutoWrapper.js || 0 || 1 || 2 || [[#ScrollAutoWrapper.js]]
|-
| SearchModal.js || 0 || 1 || 1 || [[#SearchModal.js]]
|-
| ShareTooltip.js || 0 || 0 || 2 || [[#ShareTooltip.js]]
|-
| Sitenotice_EndOfYear.js || 0 || 1 || 2 || [[#Sitenotice_EndOfYear.js]]
|-
| Sitenotice.js || 0 || 0 || 1 || [[#Sitenotice.js]]
|-
| StageServerNotice.js || 0 || 0 || 0 || [[#StageServerNotice.js]]
|-
| TabContentController.js || 0 || 0 || 0 || [[#TabContentController.js]]
|-
| TocLevelSwitcher.js || 0 || 0 || 0 || [[#TocLevelSwitcher.js]]
|-
| LocalPages.js (Whonix) || 0 || 0 || 0 || [[#LocalPages.js]]
|-
| cacheclear-php-apc-cache.php || 0 || 0 || 0 || [[#cacheclear-php-apc-cache.php]]
|-
| cacheclear-php-opcache.php || 0 || 0 || 0 || [[#cacheclear-php-opcache.php]]
|-
| mw-headscript-content.php || 0 || 0 || 0 || [[#mw-headscript-content.php]]
|-
| opcache.php || 0 || 0 || 0 || [[#opcache.php]]
|-
| run-cacheclear-minimal.php || 0 || 0 || 0 || [[#run-cacheclear-minimal.php]]
|-
| run-cacheclear-nginx.php || 0 || 0 || 0 || [[#run-cacheclear-nginx.php]]
|-
| run-git-pull.php || 0 || 0 || 0 || [[#run-git-pull.php]]
|-
| build-mw-combine.php || 0 || 0 || 0 || [[#build-mw-combine.php]]
|-
| build.sh || 0 || 0 || 0 || [[#build.sh]]
|-
| deploy-to-servers-or-locally.sh || 0 || 0 || 0 || [[#deploy-to-servers-or-locally.sh]]
|-
| request-servers-to-fetch-and-deploy.sh || 0 || 0 || 0 || [[#request-servers-to-fetch-and-deploy.sh]]
|-
| widget:Header || 0 || 0 || 0 || [[#widget:Header]]
|-
| Widget:HeaderLocalWiki || 0 || 0 || 0 || [[#Widget:HeaderLocalWiki]]
|-
| Widget:Footer || 0 || 0 || 0 || [[#Widget:Footer]]
|-
| Widget:Page Homepage || 0 || 0 || 0 || [[#Widget:Page Homepage]]
|-
| Widget:CodeSelect || 0 || 0 || 0 || [[#Widget:CodeSelect]]
|-
| Widget:Donation Panel || 0 || 0 || 0 || [[#Widget:Donation Panel]]
|-
| Widget:Download Button || 0 || 0 || 0 || [[#Widget:Download Button]]
|-
| Widget:EagerImage || 0 || 0 || 0 || [[#Widget:EagerImage]]
|-
| Widget:Expand or Collapse All || 0 || 0 || 0 || [[#Widget:Expand or Collapse All]]
|-
| Widget:ExtLink || 0 || 0 || 1 || [[#Widget:ExtLink]]
|-
| Widget:FlyInNotification || 0 || 0 || 1 || [[#Widget:FlyInNotification]]
|-
| Widget:Free || 0 || 0 || 1 || [[#Widget:Free]]
|-
| Widget:Freedom || 0 || 0 || 1 || [[#Widget:Freedom]]
|-
| Widget:Headline || 0 || 0 || 1 || [[#Widget:Headline]]
|-
| Widget:HtmlComment || 0 || 0 || 0 || [[#Widget:HtmlComment]]
|-
| Widget:Icon Bullet List || 0 || 0 || 0 || [[#Widget:Icon Bullet List]]
|-
| Widget:LeftRightImageText || 0 || 0 || 0 || [[#Widget:LeftRightImageText]]
|-
| Widget:Non-freedom || 0 || 0 || 0 || [[#Widget:Non-freedom]]
|-
| Widget:Pay by PayPal Subscription || 0 || 0 || 1 || [[#Widget:Pay by PayPal Subscription]]
|-
| Widget:SitenoticeBanner || 0 || 0 || 0 || [[#Widget:SitenoticeBanner]]
|-
| Widget:Subdomain link || 0 || 0 || 0 || [[#Widget:Subdomain link]]
|-
| Widget:Terms of Service Agree || 0 || 0 || 0 || [[#Widget:Terms of Service Agree]]
|-
| Widget:Terms of Service Disagree || 0 || 0 || 0 || [[#Widget:Terms of Service Disagree]]
|-
| Widget:VideoLink || 0 || 0 || 0 || [[#Widget:VideoLink]]
|-
| LinkToArchive.php || 0 || 0 || 0 || [[#LinkToArchive.php]]
|-
| Hooks.php || 0 || 0 || 0 || [[#Hooks.php]]
|}

== AddMessageToCopiedText.js ==
* Security flaws (1):
** The script manipulates clipboard content without explicit user consent, which may be flagged or blocked by some modern browsers or browser extensions as a clipboard injection risk. It also parses DOM nodes without null checks (e.g. `selection.anchorNode`), which could cause errors if the selection is empty or malformed.
* Necessary improvements (1):
** The script should sanitize or validate `url` and `project` to avoid potential DOM-based injection if any meta tags are modified maliciously (unlikely, but good practice). It should also add null checks for `selection.anchorNode` and `selection.focusNode` to avoid JS errors.
* Highly suggested improvements (2):
** Improve the logic for detecting "protected" elements — the current check may not fully cover nested selections or partially protected content.
** Fallback behavior or user feedback could be added if clipboard operations fail (e.g., due to browser restrictions or permissions).

== BackToTopButton.js ==
* Security flaws (0):
** No security-relevant operations are performed. The script only manages UI behavior and doesn't process user input or interact with sensitive APIs.
* Necessary improvements (1):
** There is no accessibility consideration (e.g., ARIA roles or keyboard accessibility). This should be addressed to make the button usable for all users.
* Highly suggested improvements (2):
** The script injects HTML with jQuery directly as a string. While not dangerous in this context, it's better practice to create elements via DOM methods for clarity and maintainability.
** The button appears abruptly in the DOM. Consider delaying its injection until the user starts scrolling, or using a fade-in transition for initial presence to enhance UX.

== CodeSelect.js ==
* Security flaws (1):
** The script uses `document.execCommand("copy")` and `navigator.clipboard.writeText()` without confirming user intent or feature availability. While typical for copy-to-clipboard features, these clipboard APIs can raise security flags, especially in modern browsers that block or limit such actions without user gestures.
* Necessary improvements (2):
** Clipboard operations should be feature-detected and include user permission handling for better compatibility and security (e.g., fallback UX when clipboard access fails).
** DOM injection is done via template literals using jQuery, which could introduce maintainability or XSS risks if not tightly controlled. Although safe here, any future extension should treat this as a potential vector.
* Highly suggested improvements (2):
** Accessibility: No ARIA roles, focus handling, or keyboard support are included for copy buttons or tooltips, which excludes keyboard-only or screen reader users.
** There’s a fair amount of duplicated logic in event handling and fallback logic (e.g., copy feedback). Abstracting those into reusable helpers would simplify maintenance and reduce potential bugs.

== CodeSelectHighlightList.js ==
* Security flaws (0):
** This script only populates a predefined array with static string data. No user input or dynamic execution is involved, so there are no inherent security concerns.
* Necessary improvements (1):
** The list includes many duplicates (e.g., multiple instances of `'qvm-copy'`, `'qvm-firewall'`, etc.). These should be deduplicated to reduce unnecessary memory usage and improve performance, especially on large pages or low-resource systems.
* Highly suggested improvements (1):
** Consider loading this list from a JSON file or external config for better maintainability and to avoid cluttering the script. This would also allow easier updates or localization in the future.

== CollapsibleGlobalMods.js ==
* Security flaws (0):
** This script only sets attributes and text content for `.mw-collapsible` elements and doesn’t process external input, so no security risks are currently present.
* Necessary improvements (1):
** The script assumes the presence of `.mw-collapsible-text` elements without checking for potential DOM manipulation races. A fallback or clearer handling is needed if the element isn’t fully initialized by the time this runs.
* Highly suggested improvements (1):
** To improve flexibility, consider supporting localization by loading the `expandText` and `collapseText` from a config or i18n module instead of hardcoding English strings.

== CustomScrollbar.js ==
* Security flaws (0):
** The script uses a predefined function to initialize a custom scrollbar using trusted, internal methods. It does not handle user input or expose data, so there are no security risks.
* Necessary improvements (0):
** No necessary changes — the script is minimal, functional, and scoped properly.
* Highly suggested improvements (1):
** Consider adding feature detection or graceful fallback logic in case `tinyscrollbar` is not loaded or fails to initialize, to avoid silent errors or broken UI components.

== DebugViaUrlModal.js ==
* Security flaws (1):
** The script sets and removes cookies (`nocache`) and manipulates query parameters without validating their contents. While relatively safe here, this could be a vector for client-side attacks or URL pollution if extended or reused in broader contexts.
* Necessary improvements (2):
** No validation is performed on query parameter changes (`dontload`) or cookie values. Implement basic sanitation or encoding as a precaution.
** `modal.find('.code-select').codeSelect('init')` is invoked without checking if the `codeSelect` plugin is loaded, which could cause runtime errors in some edge cases.
* Highly suggested improvements (2):
** Accessibility could be improved by adding ARIA roles and keyboard navigation support to the modal and toggle controls.
** The string-based HTML construction and inline logic could be moved to a templating function for better readability and maintainability.

== DevTools.js ==
* Security flaws (1):
** The script parses and injects HTML (`<a>`) based on string content in the DOM without sufficient escaping. If malicious or malformed content were present in a text node, this could open the door to DOM-based XSS — especially on pages editable by users.
* Necessary improvements (1):
** Before injecting HTML links, the referenced filenames (`ref[0]`) should be sanitized or escaped using a safe DOM API (e.g., `textContent`, not string interpolation with backticks) to avoid injection risks.
* Highly suggested improvements (1):
** The script assumes only one reference per text node and doesn't handle edge cases like multiple references or non-standard filename patterns. A more robust pattern matching and iteration method would improve coverage and reliability.

== DiscoverHiddenElements.js ==
* Security flaws (0):
** The script does not handle user input, external data, or modify sensitive parts of the DOM. There are no evident security risks.
* Necessary improvements (1):
** The `elem[0].getBoundingClientRect()` usage assumes the element is always present and rendered. A null or undefined check should be added to prevent rare runtime errors in case the element is removed before the timeout executes.
* Highly suggested improvements (1):
** The script could allow customization of the scroll offset (currently hardcoded as `-70`). This would make the tool more adaptable across layouts with different fixed headers or spacing needs.

== Download_Button.js ==
* Security flaws (1):
** The script fetches and injects HTML and CSS from an external page (`/wiki/Template:Payments`) without sanitizing the content. If that page is compromised or user-editable, it could lead to DOM-based XSS or unintended style/script injection.
* Necessary improvements (2):
** DOM elements extracted from the fetched content should be sanitized or validated before being injected into the modal to prevent injection vulnerabilities.
** There is no error handling for the `.get()` request — a failed request could lead to unexpected behavior or unresponsive UI. Add a fallback or error message for robustness.
* Highly suggested improvements (2):
** The countdown timer and modal rendering logic could be modularized or abstracted into reusable utilities for better maintainability and testability.
** Improve accessibility by adding ARIA roles, keyboard interactions, and semantic labeling to modal elements (e.g., donation buttons, download trigger).
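The DevTools.js finding above (a filename taken from a text node and interpolated into `<a>` markup) is the classic DOM-based XSS sink. The following is an added example, not code from DevTools.js or any of the reviewed files: it shows the unsafe interpolation pattern beside a hardened version that allow-lists the reference and escapes on output. The helper names (`escapeHtml`, `isValidFilename`, `buildFileLink`, `buildFileLinkUnsafe`), the filename pattern and the sample inputs are assumptions made for this example.

```javascript
// Added example (not code from the reviewed DevTools.js). Escaping a filename
// reference before it is interpolated into link markup. Helper names, the
// allow-list pattern and the sample inputs below are assumptions.

// Escape the five characters that matter in HTML text and attribute contexts.
// '&' is replaced first so later replacements are not double-encoded.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Allow-list the reference itself: a plain filename with a known extension,
// no path separators, no quotes, no angle brackets (assumed pattern).
const FILENAME_RE = /^[A-Za-z0-9_.-]+\.(js|php|sh|css)$/;

function isValidFilename(name) {
  return typeof name === 'string' && FILENAME_RE.test(name);
}

// Unsafe pattern of the kind the review flags: raw template interpolation.
function buildFileLinkUnsafe(filename, baseUrl) {
  return `<a href="${baseUrl}${filename}">${filename}</a>`;
}

// Hardened version: reject unexpected references, encode the URL component,
// and escape every interpolated value for its HTML context.
function buildFileLink(filename, baseUrl) {
  if (!isValidFilename(filename)) {
    // Render the text inert rather than turning it into a link.
    return escapeHtml(filename);
  }
  const href = baseUrl + encodeURIComponent(filename);
  return `<a href="${escapeHtml(href)}">${escapeHtml(filename)}</a>`;
}

// Constructed inputs: a benign reference and a hostile text-node payload.
const BENIGN = 'CodeSelect.js';
const HOSTILE = '"><b>injected</b>.js';

// Returns true when the rendered markup contains no raw tag from the input.
function isInert(markup) {
  return !markup.includes('<b>');
}
```

In a browser the cleaner fix is the one the review names: create the element with `document.createElement('a')`, set `href` as a property and the label via `textContent`, so no markup string is built at all. The escaping helper above is the fallback for code paths that must produce a string.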
== EditorAddNewEditButtons.js ==
* Security flaws (0):
** The script does not process external input or perform dynamic DOM injection outside of the controlled MediaWiki editor context. It uses standard API methods (`wikiEditor.addToToolbar`) and is therefore considered secure.
* Necessary improvements (0):
** No necessary changes — functionality is scoped and safe.
* Highly suggested improvements (1):
** The button configuration is hardcoded in the script. Moving this to a config object or external JSON structure could make it easier to update or localize without modifying the code.

== EditorAutoBackup.js ==
* Security flaws (1):
** Content is stored and retrieved from `localStorage` without any sanitation. While this data stays client-side, unescaped or malformed content could affect DOM rendering or be exploited by extensions or injected scripts if parsed into the DOM without care.
* Necessary improvements (2):
** Use `textContent` or safe DOM manipulation methods when injecting user-edited content from `localStorage` (e.g., in `createDateTab`) to prevent potential XSS when rendering past backups.
** Add `try/catch` guards around critical operations like `JSON.parse` and editor API usage (e.g., CodeMirror and Ace) to prevent hard crashes on unusual states or errors.
* Highly suggested improvements (2):
** Modal and UI elements are deeply nested and assembled via string templates. Refactoring into modular UI builders or templates would improve readability and maintainability.
** The save logic could benefit from versioning or metadata tracking (e.g., editor type, byte size) for better debugging, future-proofing, and cross-editor consistency.

== EditorFullscreen.js ==
* Security flaws (0):
** The script does not interact with external data or user-generated content. It safely manipulates dimensions and class toggles based on existing DOM structure.
* Necessary improvements (1):
** The script assumes the presence of specific DOM elements (`.editOptions`, `.ui-resizable`, etc.) without checks. If these are missing due to changes in the editor structure or user skin, it may lead to silent failures or visual glitches. Add element existence checks before using `.outerHeight()` or `.height()`.
* Highly suggested improvements (1):
** The fullscreen height calculation could be abstracted into a function and updated on window resize for smoother UX and responsive layout behavior.

== EditorMultiwikiNotice.js ==
* Security flaws (0):
** The script does not process external user input or modify data beyond generating static notice elements. No security issues identified.
* Necessary improvements (1):
** The `.match()` check on the editor content assumes the full content is already loaded in `#wpTextbox1`, which might not be reliable in all editor setups or async contexts. Consider a safer or more editor-agnostic detection approach (e.g., using `mw.config.get('wgCategories')` if available).
* Highly suggested improvements (1):
** Refactor the HTML string generation into DOM element builders to improve maintainability, reduce fragility, and improve readability — especially given the use of multiple icon/text combinations.

== EditorSaveAndContinue.js ==
* Security flaws (1):
** The script injects the full AJAX response HTML into an iframe without sanitization. If the server returns unexpected content or errors, this could lead to misleading or unescaped rendering inside the modal, potentially exposing users to DOM-based risks — especially if any user-generated content is echoed.
* Necessary improvements (2):
** Add error handling for failed AJAX requests (e.g., network issues or edit conflicts). Without it, the UI may appear frozen or silently fail.
** Validate that the returned response is appropriate for iframe injection (e.g., check for expected markers or wrap in a safe layout), or replace iframe content with a simpler success/failure summary.
* Highly suggested improvements (1):
** Consider replacing the iframe entirely with an inline success message or diff-style confirmation. Using iframe manipulation is generally fragile and harder to maintain across site layout changes.

== EnhanceHeadlines.js ==
* Security flaws (0):
** The script appends predefined UI elements to known DOM structures and doesn’t handle user-generated content directly. No security risks are present in the current usage.
* Necessary improvements (1):
** The script assumes the existence of `span[id]` and `.mw-headline` within the targeted headers without null checks. In rare malformed pages, this may lead to silent JS errors or broken functionality.
* Highly suggested improvements (1):
** Consider deferring or throttling the enhancement if running on long pages or those with many headings, to avoid performance impact. Optionally, add support for customizing which heading levels (`h1–h3`) are affected.

== ExpandOrCollapseAll.js ==
* Security flaws (0):
** The script operates only on `.mw-collapsible-text` elements and doesn't interact with user input or external data. It poses no security risk.
* Necessary improvements (1):
** The script assumes that every `.mw-collapsible-text` element has a `.parent()` with one of the toggle classes. Add checks to ensure valid targets and avoid unexpected errors if class names or structures change.
* Highly suggested improvements (1):
** Consider updating the button label or icon dynamically (e.g., "Expand all" → "Collapse all") to provide better visual feedback for users.

== FlyInNotification.js ==
* Security flaws (0):
** The script does not process user input or inject unsafe content. Cookie usage is safe, and all DOM interaction is tightly scoped.
* Necessary improvements (1):
** The script assumes that `#fly-in-notification-panel` and its `.inner-wrapper` exist on the page. If missing, it could silently fail or throw JS errors. Add a presence check for robustness.
* Highly suggested improvements (1):
** The fly-in width animation could be made more responsive (e.g., `max-width` instead of fixed `width`) to better adapt across devices and support dynamic content changes.

== Footer.js ==
* Security flaws (0):
** The script is currently inactive and contains no executable logic. No security concerns.
* Necessary improvements (0):
** None needed — there is no functionality implemented.
* Highly suggested improvements (0):
** None suggested at this time.

== HashController.js ==
* Security flaws (0):
** The script operates only on URL fragments and does not handle external data or user input directly. It poses no security risk as implemented.
* Necessary improvements (1):
** The `set()` method modifies the URL using `pushState`, but it assumes `mwDev.data.app.baseUrl` is always defined. If that variable is missing, it could result in malformed URLs or navigation issues. Add a fallback or validation.
* Highly suggested improvements (1):
** Consider implementing a remove/deregister function for callbacks to prevent memory leaks in single-page applications or dynamically reloaded interfaces.

== Header.js ==
* Security flaws (0):
** The script does not process external input or inject user-controlled content. It interacts only with known internal elements, so no security issues are present.
* Necessary improvements (1):
** The script assumes that all expected DOM elements (e.g., `.super-menu .edit`, `.nav-menu .button`) are always present. Add presence checks or fallbacks to prevent silent failures or JS errors in edge cases.
* Highly suggested improvements (1):
** Touch capability detection is handled with three conditions, which could be simplified or abstracted for clarity. Additionally, consider separating click and hover logic to improve accessibility and mobile responsiveness.

== HomepageSliderInit.js ==
* Security flaws (0):
** The script does not process user input or external content, and it interacts only with predefined DOM elements. No security issues found.
* Necessary improvements (1):
** The script removes the `id` from duplicated cards only if their parent has the class `.splide__slide--clone`, but the selector mistakenly includes a dot (`.hasClass('.class')` instead of `.hasClass('class')`). This condition never matches and the `id` may not be removed, potentially leading to duplicate IDs in the DOM. Fix this selector.
* Highly suggested improvements (2):
** Consider adding a check to skip initialization if `.card-wrapper` elements are not found — currently, if the structure is incomplete, the script may still try to render and break the layout.
** The hardcoded settings (autoplay, interval, perPage) could be moved to a config object or `data-*` attributes for better maintainability and flexibility across multiple homepage contexts.

== JsPerformanceTests.js ==
* Security flaws (1):
** The `jsJammer` function executes a deliberately CPU-intensive loop (`bursts * 1,000,000` iterations) on the main thread. If misused or triggered unintentionally, it can freeze or crash the browser. This is not a vulnerability per se, but it presents a '''denial-of-service risk in development environments'''.
* Necessary improvements (1):
** Add clear warnings or restrictions (e.g., `if (!window.DEBUG_MODE) return;`) to prevent accidental invocation in production environments. These methods should be gated or removed during deployment builds.
* Highly suggested improvements (1):
** Consider moving this functionality to a separate developer-only module or enabling it only with explicit user confirmation. This helps prevent unintended browser slowdowns or support issues if someone accidentally runs a test.
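The EditorAutoBackup.js findings above (unsanitized `localStorage` content, and `JSON.parse` without a `try/catch`) come down to one rule: whatever comes back from storage is untrusted input, because another script on the origin, a browser extension or a stale format can leave arbitrary bytes behind. The following is an added example, not code from EditorAutoBackup.js: it parses stored backups defensively, drops records that fail shape validation instead of crashing, and writes them back through a small storage abstraction so the code runs under Node. The storage key, record shape, limits and the helper names (`parseBackups`, `normaliseRecord`, `storeBackup`, `memoryStorage`) are assumptions made for this example.

```javascript
// Added example (not code from the reviewed EditorAutoBackup.js). Defensive
// parsing of editor backups read from localStorage. Storage key, record shape,
// size limits and helper names are assumptions made for this example.

const BACKUP_KEY = 'editorAutoBackup';   // assumed storage key
const MAX_RECORDS = 20;                  // assumed retention limit
const MAX_CONTENT_CHARS = 512 * 1024;    // assumed per-record size cap
const KNOWN_EDITORS = new Set(['codemirror', 'ace', 'textarea']);

// Validate one stored record; return a normalised copy, or null if unusable.
// Only the three expected fields survive, so unexpected keys cannot ride along.
function normaliseRecord(rec) {
  if (rec === null || typeof rec !== 'object' || Array.isArray(rec)) return null;
  const { timestamp, editor, content } = rec;
  if (!Number.isInteger(timestamp) || timestamp <= 0) return null;
  if (!KNOWN_EDITORS.has(editor)) return null;
  if (typeof content !== 'string' || content.length > MAX_CONTENT_CHARS) return null;
  return { timestamp, editor, content };
}

// Parse the raw string from storage. Never throws: absent or malformed JSON
// and a wrong top-level shape yield an empty list; bad records are dropped.
function parseBackups(raw) {
  if (typeof raw !== 'string') return [];
  let data;
  try {
    data = JSON.parse(raw);
  } catch (err) {
    return [];
  }
  if (!Array.isArray(data)) return [];
  return data
    .map((rec) => normaliseRecord(rec))
    .filter((rec) => rec !== null)
    .slice(-MAX_RECORDS);
}

// Append one backup and persist the trimmed list. `storage` is any object
// with getItem/setItem: window.localStorage in the browser, a stub here.
// Returns the number of records now stored.
function storeBackup(storage, editor, content, now = Date.now()) {
  const records = parseBackups(storage.getItem(BACKUP_KEY));
  records.push({ timestamp: now, editor, content });
  const trimmed = records.slice(-MAX_RECORDS);
  storage.setItem(BACKUP_KEY, JSON.stringify(trimmed));
  return trimmed.length;
}

// Minimal stand-in for window.localStorage so the example runs under Node.
function memoryStorage() {
  const store = new Map();
  return {
    getItem: (key) => (store.has(key) ? store.get(key) : null),
    setItem: (key, value) => { store.set(key, String(value)); },
  };
}

// Constructed storage contents: a truncated JSON document, then an array
// mixing valid records with the kinds of garbage that must be discarded.
const CORRUPT_RAW = '[{"timestamp":1700000000000,"editor":"ace","content":"abc"';
const MIXED_RAW = JSON.stringify([
  { timestamp: 1700000000000, editor: 'ace', content: 'good' },
  { timestamp: 'yesterday', editor: 'ace', content: 'bad timestamp' },
  { timestamp: 1700000001000, editor: 'vim', content: 'unknown editor' },
  'not an object',
  { timestamp: 1700000002000, editor: 'codemirror', content: 'also good' },
]);
```

The `content` field is still raw editor text after validation; when it is shown in the backup modal it has to be placed with `textContent` (or into a `<textarea>` value), never with `innerHTML`, which is the other half of the review's recommendation.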
== MiniModal.js ==
* Security flaws (0):
** The script does not introduce any security concerns — it only manipulates known internal DOM structures and does not process or inject user input.
* Necessary improvements (1):
** The `init()` function assumes that the modal element includes children to migrate into `.overview`. If empty or malformed, this could cause layout inconsistencies or runtime errors. Add a validation or fallback when no child content exists.
* Highly suggested improvements (2):
** The script mixes structure setup and behavior in a single function (`init()`). Splitting layout building from event binding would improve readability and maintainability.
** Consider adding a close-on-Esc-key event for accessibility and expected UX behavior.

== MwCombineJsWrapper.js ==
* Security flaws (0):
** The script sets up internal namespaces, load events, and performance tracking. It does not process external content or perform risky DOM operations. No security issues found.
* Necessary improvements (1):
** The placeholder comment `/*--WRAPPEDCONTENT--IMPORTANT-TAG--ALL-OTHER-SCRIPTS-WILL-BE-INSERTED-HERE--*/` should ideally be validated during build/deployment to ensure insertion integrity and avoid breakage in the execution chain.
* Highly suggested improvements (1):
** `mwDev.tools.delay()` is a useful utility, but lacks cancellation or chaining support. Consider extending it to return a handle or Promise for advanced use cases like batching or throttling.

== Pages.js ==
* Security flaws (0):
** The script interacts only with internal DOM elements and registered modal or hash-based behavior. It doesn't touch external input or dynamic data sources. No security concerns.
* Necessary improvements (1):
** The script assumes `cardId` is always correctly matched in `section-modal` IDs (via regex). If the structure changes or an ID is malformed, it may result in `undefined` hash values. Add a validation check for `.match()` results before using them.
* Highly suggested improvements (2):
** The scroll behavior triggered by hash could be extracted into a reusable utility (e.g., `scrollToWithOffset`) since it's used across multiple files and is sensitive to UI layout.
** Consider using `data-page-id` attributes instead of relying on `body` classes like `page-Homepage` or `page-Dev_wikitest`, which are more brittle and less future-proof.

== PayViaPaypal.js ==
* Security flaws (0):
** The script does not process external input, only builds form content locally and submits to PayPal over HTTPS. No security issues present in this implementation.
* Necessary improvements (2):
** The PayPal business email is hardcoded in the form. This should be abstracted into a configuration value or meta tag to avoid accidental reuse or exposure.
** The `cardId` is extracted using a regex without verifying the match result, which could result in an invalid or `undefined` ID being used in URLs. Add a null check for robustness.
* Highly suggested improvements (2):
** Use `Number.isFinite()` rather than multiple type checks when validating amount values — it's simpler and safer.
** Consider supporting localization (currency symbol, interval labels) by using `data-*` attributes or a translation layer instead of hardcoded `USD` and text strings.

== ScrollAutoWrapper.js ==
* Security flaws (0):
** This script manipulates static elements (`.wikitable`, `pre`) and doesn't handle user input or dynamic external content. No security issues are present.
* Necessary improvements (1):
** The `window.getComputedStyle(...).getPropertyValue('margin')` call is applied directly to set the wrapper’s margin, but this may return shorthand values (`"10px 20px"`) that don’t map cleanly in `jQuery.css()`. Use `.css('marginTop')`, etc., explicitly or apply as a string to `style.margin`.
* Highly suggested improvements (2):
** The script duplicates logic for "visible" and "hidden" scenarios. Consider separating the `enrichWhenVisible()` call from the observation logic for DRYness and clarity.
** For accessibility, consider adding `role="region"` and `aria-label` or `aria-describedby` to the wrapper to signal its scrollability to screen readers.

== SearchModal.js ==
* Security flaws (0):
** This script operates entirely on internal DOM manipulation and does not process external input. No security vulnerabilities detected.
* Necessary improvements (1):
** The selector logic for finding the search input field assumes a limited set of class names. If the search system is updated or customized, the script may silently fail. Consider using a more stable fallback or fail-safe warning if no field is found.
* Highly suggested improvements (1):
** Improve accessibility by adding `aria-label`, `role="search"` or keyboard trap handling inside the modal so screen reader users or keyboard navigators can benefit from the search overlay equally.

== ShareTooltip.js ==
* Security flaws (0):
** The code avoids direct HTML injection and properly escapes dynamic user-facing content. No security risks observed.
* Necessary improvements (0):
** All features are functioning correctly. Templating logic, dynamic insertion, and encoding are handled safely.
* Highly suggested improvements (2):
** Consider sanitizing `data-anchor` and `data-chapter` more robustly for CSS selector escaping. While the current `.replace()` handles some edge cases, a full escape mechanism or `CSS.escape()` would be more reliable for complex IDs.
** The dynamic URL parsing logic is quite manual and could be simplified or hardened using `URL()` methods or MediaWiki core utilities (if available), especially for future-proofing non-standard routes.

== Sitenotice_EndOfYear.js ==
* Security flaws (0):
** The script does not introduce any XSS or insecure data usage. No user input is executed or rendered as HTML.
* Necessary improvements (1):
** The `Date.now()` cutoff hardcoded for the end of 2022 (`1672527599000`) is outdated. This breaks functionality unless updated manually each year. Consider externalizing the active window into a config value or allowing year-over-year support via template inputs.
* Highly suggested improvements (2):
** It would improve maintainability to separate crypto address extraction (`data-crypto-addresses`) from inline DOM parsing and allow it as a formal argument or from a config module.
** For accessibility, consider adding `aria-*` attributes for slideshow buttons and controls (e.g. play/pause, dismiss) to help screen readers.

== Sitenotice.js ==
* Security flaws (0):
** The script doesn't handle any user input, and cookie-based control is safe. No vulnerabilities are present.
* Necessary improvements (0):
** None.
* Highly suggested improvements (1):
** Accessibility: Consider adding a keyboard-accessible role and `aria-label` to the close button. This will help screen readers and keyboard navigation users interact with the dismissal function.

== StageServerNotice.js ==
* Security flaws (0):
** No user input is handled. The script is fully static and safe.
* Necessary improvements (0):
** None.
* Highly suggested improvements (0):
** None.

== TabContentController.js ==
* Security flaws (0):
** No user input is handled or executed. All content is generated from existing page DOM and safe attribute parsing.
* Necessary improvements (0):
** None.
* Highly suggested improvements (0):
** None.

== TocLevelSwitcher.js ==
* Security flaws (0):
** No direct user input is processed or executed.
** All content added is constructed with safe DOM manipulation and CSS class toggling.
* Necessary improvements (0):
** None.
* Highly suggested improvements (0):
** None.

== LocalPages.js ==
* LocalPages for Whonix. There is no Kicksecure LocalPages code.
* Security flaws (0):
** No user input is processed or evaluated.
** Video interaction and DOM manipulation are done safely.
* Necessary improvements (0):
** None.
* Highly suggested improvements (0):
** None.

== cacheclear-php-apc-cache.php ==
* Security flaws (0):
** No input is taken from the user.
** The script only performs a call to `apcu_clear_cache()` and returns a fixed JSON response.
* Necessary improvements (0):
** None.
* Highly suggested improvements (0):
** None.

== cacheclear-php-opcache.php ==
* Security flaws (0):
** The script does not accept user input.
** It executes a single built-in function (`opcache_reset()`) and returns a static message.
* Necessary improvements (0):
** None.
* Highly suggested improvements (0):
** None.

== mw-headscript-content.php ==
* Security flaws (0):
** This file outputs static JS and CSS references or conditionally includes pre-defined libraries and assets.
** There is no dynamic inclusion or usage of user-generated content in file paths or execution logic.
* Necessary improvements (0):
** None.
* Highly suggested improvements (0):
** None.

== opcache.php ==
* Security flaws (0):
** This is a self-contained diagnostic and visualization tool for OpCache stats.
** There are no user inputs or GET/POST parameters being parsed or echoed unsanitized.
** All data is either from built-in PHP OpCache APIs or static rendering.
* Necessary improvements (0):
** None.
* Highly suggested improvements (0):
** None.

== run-cacheclear-minimal.php ==
* Security flaws (0):
** `execHelper()` executes a shell command via `exec()`, but it's hardcoded to `sudo --non-interactive cacheclear-minimal`, which prevents command injection.
** No user input is accepted or interpreted in any way.
** Output is only HTML-encoded debug logs, not raw shell output.
* Necessary improvements (0):
** None.
* Highly suggested improvements (0):
** None.
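The PayViaPaypal.js recommendation above (use `Number.isFinite()` instead of a chain of type checks when validating the amount) deserves a concrete form, because the global `isFinite()` coerces its argument and so accepts `''`, `null`, `true` and `[]` as finite numbers. The following is an added example, not code from PayViaPaypal.js: a validator for a donation amount that accepts numbers or strings, rejects anything `Number.isFinite()` rejects, and adds the range and precision checks a payment form needs before a value goes into the form. `validateAmount`, `coercionTable` and the bounds are assumptions made for this example.

```javascript
// Added example (not code from the reviewed PayViaPaypal.js). Amount validation
// built on Number.isFinite(). Function names and limits are assumptions.

const MIN_AMOUNT = 1;       // assumed lower bound, whole currency units
const MAX_AMOUNT = 100000;  // assumed upper bound

// Returns { ok: true, amount } with the value normalised to two decimals,
// or { ok: false, reason } naming the first check that failed.
function validateAmount(input) {
  let value = input;
  if (typeof value === 'string') {
    // Strings from a form field: trim, then insist on a plain decimal with at
    // most two fractional digits. This rejects '1e3', '0x10', '+5' and ' '.
    value = value.trim();
    if (!/^\d+(\.\d{1,2})?$/.test(value)) return { ok: false, reason: 'format' };
    value = Number(value);
  }
  // Number.isFinite does no coercion: NaN, Infinity, booleans, null,
  // arrays and objects all fail here, unlike with the global isFinite().
  if (!Number.isFinite(value)) return { ok: false, reason: 'not-a-number' };
  if (value < MIN_AMOUNT) return { ok: false, reason: 'too-small' };
  if (value > MAX_AMOUNT) return { ok: false, reason: 'too-large' };
  // Reject sub-cent precision rather than silently rounding money.
  const cents = Math.round(value * 100);
  if (Math.abs(cents - value * 100) > 1e-6) return { ok: false, reason: 'precision' };
  return { ok: true, amount: cents / 100 };
}

// Contrast table: the same inputs through the coercing global isFinite()
// and the strict Number.isFinite(). Returned as data so it can be checked.
function coercionTable() {
  const samples = ['12', '', null, true, [], '1e3'];
  return samples.map((sample) => ({
    sample,
    global: isFinite(sample),          // coerces, so every one is "finite"
    strict: Number.isFinite(sample),   // no coercion, so every one is rejected
  }));
}
```

Rejecting rather than rounding on the precision check is deliberate: an amount the user typed should reach the payment form exactly as entered or not at all, and the two-decimal rule in the string branch keeps the number branch's rounding check from ever being reached by form input.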
== run-cacheclear-nginx.php ==
* Security flaws (0):
** Executes a static, hardcoded `sudo --non-interactive cacheclear-nginx` shell command—no dynamic input, no injection surface.
** Does not process any query parameters or user input.
** Output is HTML-safe and only shows controlled debug info.
* Necessary improvements (0):
** None.
* Highly suggested improvements (0):
** None.

== run-git-pull.php ==
* Security flaws (0):
** Executes a static `sudo --non-interactive wiki-git-pull` shell command with no parameters or user-controlled input.
** No dynamic user input is passed to the shell.
** Output is well-escaped, HTML-only, and used for debug logging.
* Necessary improvements (0):
** None.
* Highly suggested improvements (0):
** None.

== build-mw-combine.php ==
* Security flaws (0):
** The script only uses internal configuration files and static command strings.
** There is no user-controlled or unsafe input passed into shell commands.
** Directory paths are validated and checked against empty or root (`'/'`) values before being passed to `rm`, preventing catastrophic deletions.
* Necessary improvements (0):
** None.
* Highly suggested improvements (0):
** None.

== build.sh ==
* Security flaws (0):
** The script only uses static commands and arguments for `php`.
** `$1` is safely quoted and not used in ways that could inject commands.
** No untrusted user input is passed into command-line evaluations.
* Necessary improvements (0):
** None.
* Highly suggested improvements (0):
** None.

== deploy-to-servers-or-locally.sh ==
* Security flaws (0):
** No user input is directly evaluated.
** All variables are safely quoted.
** Git commands are non-destructive and checked.
* Necessary improvements (0):
** None.
* Highly suggested improvements (0):
** None.

== request-servers-to-fetch-and-deploy.sh ==
* Security flaws (0):
** All secrets are externalized and safely sourced from a separate secrets file.
** Uses secure protocols (TLS 1.3 and HTTPS enforced).
** Proper quoting is used for all variables to prevent word-splitting or globbing issues.
* Necessary improvements (0):
** None.
* Highly suggested improvements (0):
** None.

== widget:Header ==
* Security flaws (0):
** No user data injection or form inputs — uses server-side variables with escaping via `escape:'url'`.
* Necessary improvements (0):
** None.
* Highly suggested improvements (0):
** None.
* Notes:
** Solid conditional rendering logic (`{if $part == x}`) keeps things modular.
** Includes access control logic (e.g. `.user-logged-in`, `.user-logged-out`).

== Widget:HeaderLocalWiki ==
* Security flaws (0):
** No dynamic user data injection — links and attributes are static or hardcoded.
** No form handling or JavaScript evaluation in this widget.
* Necessary improvements (0):
** None.
* Highly suggested improvements (0):
** None.
* Notes:
** Good semantic structure for navigation layout.
** External and internal links are well defined.
** Good use of accessibility attributes like `aria-label`.

== Widget:Footer ==
* Security flaws (0):
** No user-supplied input directly echoed — all variables are sanitized via MediaWiki/Smarty.
** All links use HTTPS or internal routing.
* Necessary improvements (0):
** None.
* Highly suggested improvements (0):
** None.
* Notes:
** Solid privacy-aware design (e.g. Invidious for YouTube).
** Good fallback structure for trademarks.
** Social media links and sponsor info are templated with safe dynamic usage.
** Potential internationalization enhancements in the future if multilingual support is needed.

== Widget:Page Homepage ==
* Security flaws (0):
** No raw or unsafe user inputs.
** All links are internal or to verified external sources.
** No unsanitized dynamic content injection.
* Necessary improvements (0):
** None.
* Highly suggested improvements (0):
** None.
* Notes:
** Modal system is well-isolated and accessibility-friendly (`alt` texts are present).
** Lazy loading and structured sections enhance performance and user experience.
** Content presentation is comprehensive yet structured for clear user flow.

== Widget:CodeSelect ==
* Security flaws (0):
** No user input is executed or included unsanitized. The use of `escape:'html'` on `code` is correct.
** Dynamic attributes are safely wrapped in `<nowiki><!--{if ...}--></nowiki>` conditions.
* Necessary improvements (0):
** None.
* Highly suggested improvements (0):
** None.
* Notes:
** Modular and flexible for both inline and block code.
** `data-` attributes enable JS enhancements without introducing risk.
** Gracefully degrades with no JS.

== Widget:Donation Panel ==
* Security flaws (0):
** No user input is echoed without a `|default:''` fallback or context-appropriate escaping (e.g. `href`, `pre`, `src`, etc.).
** No script injection opportunities are introduced; links and values are tightly scoped.
* Necessary improvements (0):
** None.
* Highly suggested improvements (0):
** None.
* Notes:
** Layout is modular and accessible.
** JavaScript fallback message is clear for PayPal block.
** Good use of `pre` for address readability and QR image fallback.
** All toggles are based on native `<nowiki><input type="checkbox"></nowiki>`, avoiding JS reliance.

== Widget:Download Button ==
* Security flaws (0):
** No unescaped user input is injected into critical attributes like `href`, `src`, `title`, `alt`, or inline `style`.
** Proper context-aware escaping and `|default:''` usage for dynamic variables (e.g. `text`, `url`, `redirectUrl`).
** Onion link section is isolated and contained.
* Necessary improvements (0):
** None.
* Highly suggested improvements (0):
** None.
* Notes:
** Defensive rendering: `foreach` loop verifies key existence before using `$imgSrc[$o]`.
** Smart fallback for icons depending on the `icon` parameter.
** Uses `<nowiki><noinclude></nowiki>` to provide developer notes and categorize properly.
== Widget:EagerImage ==
* Security flaws (0):
** Safe usage of `loading="eager"` and no dynamic values inside the attribute name.
** The `src` attribute is sanitized using `|default:''`, ensuring no raw unescaped user input is injected.
** No JavaScript or inline event handlers involved.
* Necessary improvements (0):
** None.
* Highly suggested improvements (0):
** None.
* Notes:
** Very lightweight, minimal-purpose widget.
** Defaults gracefully if parameters are not provided.

== Widget:Expand or Collapse All ==
* Security flaws (0):
** No dynamic data is injected into the widget.
** No use of `onclick` or unsafe inline scripting.
* Necessary improvements (0):
** None.
* Highly suggested improvements (0):
** None.
* Notes:
** This widget is dependent on JavaScript implemented elsewhere to provide functionality (e.g., toggling the `mw-collapsible` blocks).
** Clean semantic markup, good accessibility potential with minor enhancements (like `aria-expanded` if desired).

== Widget:ExtLink ==
* Security flaws (0):
** Proper escaping (`$url|escape:"html"`) is used for output in href attributes.
** No inline JavaScript or unsafe scripting detected.
** External links use `rel="noreferrer noopener"` which is good practice.
* Necessary improvements (0):
** None.
* Highly suggested improvements (1):
** Consider adding `aria-label` attributes to the icons for accessibility, especially for screen readers (e.g., `"Archive Today Icon"`). This would ensure better compliance with accessibility standards.
* Notes:
** This widget is impressively robust, parsing multiple archive and onion links and providing metadata and tooltips accordingly.
** `strip` is well-used to remove whitespace clutter while preserving functionality.

== Widget:FlyInNotification ==
* Security flaws (0):
** All variables (e.g., `imgSrc`, `imgLink`, `headline`, `html`) are safely handled, with `default:''` as fallback.
** No inline JavaScript is embedded. Only HTML and CSS structure for fly-in.
** External links are output via variables and are not assumed static — good practice.
** Uses `loading="lazy"` and `decoding="async"` to optimize performance.
* Necessary improvements (0):
** None.
* Highly suggested improvements (1):
** Consider adding `alt` attributes to the `<nowiki><img></nowiki>` tag for accessibility and SEO. For example: `alt="Notification image"` or make it customizable via a `$imgAlt` variable.
** (Optional) The close icon `<nowiki><i class="close-panel fa-solid fa-times"></nowiki>` could benefit from `aria-label="Close notification"` for accessibility.
* Notes:
** Clean and minimal structure — well-structured for optional image links and fallback content.
** Great use of Smarty conditionals to toggle linking and rendering.

== Widget:Free ==
* Security flaws (0):
** No user input or dynamic variables are used.
** Static link and static inline CSS — no external resources or scripts.
* Necessary improvements (0):
** None.
* Highly suggested improvements (1):
** For accessibility, consider adding `role="link"` and `aria-label="Link to reasons for freedom software"` to improve screen reader support.
** (Optional) Move inline `<nowiki><style></nowiki>` to a central stylesheet or widget if used across multiple widgets for consistency and maintainability.
* Notes:
** Very simple and static — serves its purpose well.
** Link styling is clearly defined, readable, and effective visually.

== Widget:Freedom ==
* Security flaws (0):
** No dynamic variables or external inputs used.
** Link and styling are hardcoded — nothing malicious or unexpected.
* Necessary improvements (0):
** None required.
* Highly suggested improvements (1):
** Same as `Widget:Free`:
*** For accessibility, consider adding `role="link"` and `aria-label="Link to why Whonix is freedom software"` for screen reader compatibility.
*** Consolidate repeated style definitions (shared `a.freelink`) into a global style block or CSS widget for reuse and DRYness.
* Notes:
** Only difference from `Widget:Free` is the target and label.
** Strongly consider unifying both into a single widget that takes a `link` and `label` parameter for better maintainability.

== Widget:Headline ==
* Security flaws (0):
** No unsafe user inputs directly exposed — sanitized via `regex_replace` and `default`.
* Necessary improvements (0):
** None required.
* Highly suggested improvements (1):
** For accessibility:
*** Add `role="heading"` and `aria-level="{$h}"` to the `<nowiki><span></nowiki>` inside the `<nowiki><h*></nowiki>` tag.
*** This is especially useful in complex or ARIA-rich environments where headings might be styled or altered by JavaScript.
** Minor: Consider documenting valid input range for `$h` (e.g., 1–6) to prevent misuse.
* Notes:
** Smart use of `regex_replace` ensures IDs are safe and consistent.
** Clean defaulting of headline level (`h1`) ensures it never fails silently.

== Widget:HtmlComment ==
* Security flaws (0):
** No output vulnerabilities — content is safely inserted within an HTML comment block.
* Necessary improvements (0):
** None required.
* Highly suggested improvements (0):
** None needed.
* Notes:
** This widget serves a utility role for injecting hidden comments into the HTML output.
** Defaults gracefully if `content` is not passed.

== Widget:Icon Bullet List ==
* Security flaws (0):
** No escaping issues — icons and labels are split from a comma-separated string and rendered safely.
* Necessary improvements (0):
** None required.
* Highly suggested improvements (0):
** None needed.
* Notes:
** This widget dynamically generates `<nowiki><ul></nowiki>` or `<nowiki><span></nowiki>` wrappers and uses either `<nowiki><li></nowiki>` or `<nowiki><span></nowiki>` children based on `$span`.
** Icons are extracted from the first part of a comma-separated string, while the label is taken from the second part.

== Widget:LeftRightImageText ==
* Security flaws (0):
** No user input is evaluated unsafely.
** All major variables are rendered inside HTML tags safely.
* Necessary improvements (0):
** None required.
* Highly suggested improvements (0):
** None needed.
* Notes:
** Clean and modular. Uses optional `$imageright`, `$imagelink`, and `$addToClass` logic to build structure.

== Widget:Non-freedom ==
* Security flaws (0):
** No unsanitized input or dynamic behavior.
* Necessary improvements (0):
** None required.
* Highly suggested improvements (0):
** None needed.
* Notes:
** Static styled link. Safe and simple.

== Widget:Pay by PayPal Subscription ==
* Security flaws (0):
** No dynamic input handling. Data sent only via POST to PayPal. Minimal attack surface.
* Necessary improvements (0):
** None required at this time.
* Highly suggested improvements (1):
** ⚠️ Consider making the `business` email address a parameter or config variable rather than hardcoded. This would:
*** Improve flexibility for other deployments.
*** Avoid hardcoding potentially sensitive or hard-to-update data.
* Notes:
** Extremely long but static form. Auto-generated per comment.

== Widget:SitenoticeBanner ==
* Security flaws (0):
** None found. Input is escaped or hardcoded, and output is safely enclosed.
* Necessary improvements (0):
** None needed. Logic is simple and safe.
* Highly suggested improvements (0):
** No major recommendations.
* Notes:
** `robots-nocontent`, `googleoff`, and `noindex` ensure search engines ignore it.
** Includes `expires` time check and optional `href` wrapping.

== Widget:Subdomain link ==
* Security flaws (0):
** None. All variables like `context`, `sub`, `append`, and `text` are either preprocessed or escaped via Smarty logic.
** Regex used for extracting protocol and domain is safe due to clear constraints.
* Necessary improvements (0):
** No critical issues found.
* Highly suggested improvements (0):
** None needed.
* Notes:
** Smart use of `regex_replace` for extracting `requestProtocol` and `apexDomain`.
** Conditional output (`link`, `url`, or `parts`) based on the `result` value.
** Dots are escaped for regex safety (e.g., in domain detection).
== Widget:Terms of Service Agree ==
* Security flaws (0):
** No raw or unescaped user input is present.
** No scripting logic is present within this widget that could create injection risk.
* Necessary improvements (0):
** None required.
* Highly suggested improvements (0):
** None needed.
* Notes:
** This is a presentational widget rendering an empty OOUI button area, probably styled or populated dynamically via JS.
** `id` and `class` values follow consistent conventions for styling and interaction.

== Widget:Terms of Service Disagree ==
* Security flaws (0):
** No unescaped user input.
** No JavaScript or risky embedded logic.
* Necessary improvements (0):
** None needed.
* Highly suggested improvements (0):
** None needed.
* Notes:
** The form safely redirects to an external page for users who disagree with the Terms.
** Button styling is plain but intentionally clear.

== Widget:VideoLink ==
* Security flaws (0):
** No unescaped user input.
** All dynamic variables are embedded safely in static YouTube/Invidious URLs.
* Necessary improvements (0):
** None.
* Highly suggested improvements (0):
** None.
* Notes:
** Provides YouTube, Invidious (clearnet and onion) links.
** Includes clean separation between icon, link, and alternatives.
** Optional styling via `$style` param.

== LinkToArchive.php ==
* From our extension
* Security flaws (0):
** All input is safely handled using `Html::rawElement()` (MediaWiki's sanitization method).
** No unsanitized output. All icons and links are generated from pre-defined static logic.
** Uses `parse_url()` and `preg_match()` defensively to identify URL types.
** No direct user input or eval-style logic.
* Necessary improvements (0):
** None.
* Highly suggested improvements (0):
** None.
* Notes:
** Appends onion/archive icons to external links by detecting URL patterns.
** Returns `false` in `onLinkerMakeExternalLink()` to safely override default rendering.
** Code is self-contained and secure under MediaWiki standards.
== Hooks.php ==
* From our CookieToBody class extension
* Security flaws (0):
** No XSS risk — all cookie values are validated with a strict regex (`/^[-]?[_a-zA-Z]+[_a-zA-Z0-9-]$/`) before being used as a CSS class.
** Body classes are safely appended using `$out->addBodyClasses()`.
** No output to the DOM or JS without strict validation.
* Necessary improvements (0):
** None.
* Highly suggested improvements (0):
** None.
* Notes:
** Only cookies prefixed with `ctbc_` are considered.
** Invalid values are sanitized by replacing them with error-tagged fallback classes.
** Ensures that only CSS-safe values are injected into the DOM.
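The Hooks.php review above rests on one allowlist regex, so it is worth seeing exactly what that pattern accepts. The following is an added JavaScript example, not the extension's PHP: it applies the regex quoted in the review, unchanged, to the `ctbc_` cookies of a constructed Cookie header and emits the body-class list. The cookie parser, the `cookieToBodyClasses` name and the exact form of the error-tagged fallback class (`ctbc-error-<cookie name>`) are assumptions of this example; the review only says the fallback is "error-tagged". One property of the pattern as written is demonstrated by the checks: its last character class has no quantifier, so a value must be an optional leading `-`, a run of letters or underscores, and then exactly one further letter, underscore, digit or hyphen.

```javascript
// Added example in JavaScript, not the extension's PHP: the same allowlist
// validation of ctbc_ cookie values before they become body classes.
const PREFIX = "ctbc_";

// The regex quoted in the review, unchanged. Its last character class carries
// no quantifier, so a value is: optional leading "-", one or more of
// [_a-zA-Z], then exactly ONE of [_a-zA-Z0-9-]. "dark1" and "ab" pass;
// "a" (too short) and "dark-mode" (hyphen not in last position) do not.
const CLASS_VALUE_RE = /^[-]?[_a-zA-Z]+[_a-zA-Z0-9-]$/;

function isValidClassValue(value) {
  return typeof value === "string" && CLASS_VALUE_RE.test(value);
}

// Minimal Cookie-header parser (name=value pairs separated by ";"). No decoding
// is applied: the raw value is what gets validated.
function parseCookieHeader(header) {
  const cookies = new Map();
  for (const part of String(header || "").split(";")) {
    const eq = part.indexOf("=");
    if (eq < 0) continue;
    const name = part.slice(0, eq).trim();
    const value = part.slice(eq + 1).trim();
    if (name) cookies.set(name, value);
  }
  return cookies;
}

// Build the body-class list. Only ctbc_ cookies are considered; a value that
// fails the regex is replaced by an error-tagged fallback class. The fallback
// name ("ctbc-error-<cookie name>", with the name itself filtered to CSS-safe
// characters) is an assumption of this example; the review only says
// "error-tagged".
function cookieToBodyClasses(header) {
  const classes = [];
  for (const [name, value] of parseCookieHeader(header)) {
    if (!name.startsWith(PREFIX)) continue;
    if (isValidClassValue(value)) {
      classes.push(value);
    } else {
      const safeName = name.replace(/[^_a-zA-Z0-9-]/g, "");
      classes.push("ctbc-error-" + safeName);
    }
  }
  return classes;
}

// Constructed sample header, not captured traffic.
const SAMPLE_HEADER = "ctbc_theme=dark1; session=abc; ctbc_layout=wide-mode; ctbc_x=ok";
```

Validating before use, rather than escaping after, is what keeps the class list CSS-safe: a value either matches the allowlist and is emitted verbatim, or never reaches the DOM at all. One engine difference worth knowing when reading this back against the PHP: in PCRE `$` also matches before a trailing newline unless the `D` modifier is set, whereas in JavaScript it matches only at the very end of the string; a Cookie header cannot legitimately carry a newline, so the practical effect is nil, but the two engines do differ on that input.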