On 2018-06-11 15:28, Petr Bena wrote:
Is there any historical evidence that sysops being able to edit JS /
CSS caused some serious issues? Your point that "most of
administrators don't understand JS / CSS" is kind of moot. They are
usually trustworth and intelligent people. They don't mess up with
something they don't understand and therefore it makes little sense to
restrict them from being able to do that.

Yes, in the recent months there have been several incidents of a sysop accounts on Wikimedia wikis being taken over by an attacker, and the first thing done by the compromised accounts was adding nasty code to sitewide JavaScript to take over further accounts.

Bartosz Dziewoński

Wikitech-l mailing list

Reply via email to