On Wed, Jan 11, 2012 at 4:43 PM, Happy Melon <[email protected]> wrote: > Yes, no user-editable scripts are run on pages where password forms reside, > because it is trivially easy for users to use them to introduce > password-sniffing JS attacks, either deliberately or inadvertantly. Or > that's the idea, at least; IIRC there's an open bug about gadgets running > somewhere they probably shouldn't, etc. >
Yep, you're looking at bug 10005[0]. This applies to password reset pages, preferences (last I checked) and user login. -Chad [0] https://bugzilla.wikimedia.org/10005 _______________________________________________ Wikitech-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikitech-l
