On 2015-09-30 8:48 AM, Chris Steipp wrote: > * We disable site and user .js on Special:UserLogin, so a malicious admin > can't add password sniffing javascript to the login page Note that you can make use of pushState to render this protection moot for anyone who clicks the login link instead of directly visiting UserLogin page. Which is practically everyone.
~Daniel Friesen (Dantman, Nadir-Seen-Fire) [http://danielfriesen.name/] _______________________________________________ MediaWiki-l mailing list To unsubscribe, go to: https://lists.wikimedia.org/mailman/listinfo/mediawiki-l