[Bug 10183] Add personal Common.css & Common.js

bugzilla-daemon Sat, 22 Aug 2009 20:14:23 -0700

https://bugzilla.wikimedia.org/show_bug.cgi?id=10183






--- Comment #21 from Daniel Friesen <mediawiki-b...@nadir-seen-fire.com>  
2009-08-23 03:14:15 UTC ---
(In reply to comment #20)
> (In reply to comment #19)
> > Seems add two lines in the site MediaWiki:Common.js will solve this:
> > 
> > importScript('User:' + wgUserName + '/common.js');
> > importStylesheet('User:' + wgUserName + '/common.css');
> > 
> 
> Remember that importScript is asynchronous and is subject to temporal
> displacement etc.
> 

And that'd better be wrapped in if( wgUserName ) or you'll introduce a script
injection vector for all anon users where someone can edit [[User:/common.js]]
and globally attack every visitor to the site with js enabled.


-- 
Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
You are on the CC list for the bug.

_______________________________________________
Wikibugs-l mailing list
Wikibugs-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l

[Bug 10183] Add personal Common.css & Common.js

Reply via email to