https://bugzilla.wikimedia.org/show_bug.cgi?id=48931
Web browser: ---
Bug ID: 48931
Summary: Load user javascript on Special:Preferences
Product: MediaWiki
Version: 1.22-git
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: Unprioritized
Component: ResourceLoader
Assignee: [email protected]
Reporter: [email protected]
CC: [email protected], [email protected],
[email protected]
Classification: Unclassified
Mobile Platform: ---
Currently the User:XXX/common.js etc. is not loaded on Special:Preferences.
I've read many reasons for this, but IMHO none is (still) valid:
* If a user breaks something, he should be able to switch to a working skin.
** This is no longer a valid reason, as common.js is active in any skin anyway.
** It actually never was a valid reason, as the .css files are loaded even on
Special:Preferences, and a * {display:none;} breaks more than you can break
with javascript.
* An evil script could manipulate the password/email.
** Password and email are now on their own special pages (and scripts aren't
and shouldn't be loaded there for exactly that reason).
* An evil script could read other settings (like the watchlist token).
** These are available via mw.user.options on any page.
** And of course $.get('/wiki/Special:Preferences').done(function(html) {
//analyze html
}); was always possible.
* An evil script could change settings.
** There is even an API module for this.
** And of course using $.post as above for $.get was always possible.
So I can't find any reason not to load the user's javascript on
Special:Preferences. On the other hand there are many user scripts that add
some entries to the side bar or other navigation elements which should be there
on Special:Preferences, too, to ensure a consistent layout.
--
You are receiving this mail because:
You are the assignee for the bug.
You are on the CC list for the bug.
_______________________________________________
Wikibugs-l mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
