https://bugzilla.wikimedia.org/show_bug.cgi?id=46902
p858snake <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |[email protected] --- Comment #1 from p858snake <[email protected]> --- (In reply to comment #0) > To complete bug 46901, we need a single domain where global users will be > logged in, and all of the WMF sites can test check to see if the local wiki > should allow a user to login. > > Because this website will have a session for every logged in user, the site > should: > * Highly restrict the javascript that can run on it Could take away editinterface away from sysops, But that means they can't edit any message in the mediawiki ns, Which would be bad. But stops any of the edits to js/css that effects all users > * Minimize the amount of content and features, to reduce the risk for XSS > vulnerabilities Depending on what context you want it to be used, eg: central place for userpages, You wouldn't need many extensions that are outside the group thats defaultly enabled. > * Disallow any iframing We do this by default these days iirc, Or at least tim has coded it. -- You are receiving this mail because: You are watching all bug changes. _______________________________________________ Wikibugs-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
