https://bugzilla.wikimedia.org/show_bug.cgi?id=57891
--- Comment #18 from James Forrester <[email protected]> --- (In reply to Isarra from comment #17) > (In reply to James Forrester from comment #16) > > I understood that the point of this bug was user-level farm-global JS and > > CSS. Wiki-level farm-global JS and CSS that any admin on meta can edit would > > instantly turn this immediately into a WONTFIX, IMO. > > Why would that turn it into a wontfix? Meta admins already have access to a > lot of global features, including centralnotice - which, from what I > understand, allows the insertion of any arbitrary css and js. We already > trust them with that, and they've shown to be sensible, so how would this be > any different? "Other stupid decisions have been made, so we should make more!" isn't a great argument. I think in this case we've got a great, useful tool (user-level farm-global JS and CSS) and a suspect, unrelated tool (in terms of user experience, not code). CN currently does allow arbitrary insertion of code, yes, which is one of the reasons why there are plans to re-work it so that there aren't. Writing code that goes active on all wikis at once is a major security vulnerability (and hugely disruptive to wikis). This is a major cross-wiki community issue to which a proper long-term solution is already underway (global gadgets), and throwing new technical toys doesn't make it easier. Why don't we focus efforts on the proper solution? -- You are receiving this mail because: You are the assignee for the bug. You are on the CC list for the bug. _______________________________________________ Wikibugs-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
