Working examples vs. security

Cheetham, Anastasia acheetham at ocad.ca
Tue Feb 8 20:56:04 UTC 2011


Our goals for the new documentation include (among others):
 1) community editing, and
 2) live demos within pages

This seems to open up a security concern: Support for community editing could allow editors to add malicious code to our documentation pages (not that anyone in our community would do that, but...).

Some of the proposed systems involve a review process that would prevent this (source files in git requiring a pull, for example), but some wikis (Confluence, for example) allow editors to embed HTML and JS right in the page.

How much of a concern should this be? Should a vetting provision for code be a requirement of any system we adopt? Any other thoughts on this issue?

-- 
Anastasia Cheetham     Inclusive Design Research Centre
acheetham at ocad.ca            Inclusive Design Institute
                                        OCAD University



