On Thu, Dec 12, 2013 at 7:21 AM, Brian Wolff <bawo...@gmail.com> wrote:
> I actually feel the opposite. Point #1 does not make core development
> much harder. There's the occasional issue with local customization,
> but in my experience these types of issues are few and far between.
> Point #2 does scare me a little bit, particularly on the non
> enwikipedia sites. I agree with Chad that anecdotes in this area
> probably have more to do with no one looking, than any actual greater
> security.
>
> --Bawolff
>

I'll compile hard numbers when I have some free time, but I strongly agree with Bawolff here. Site JavaScript has a significant percentage of the total XSSes we've fixed, and almost no one is reviewing them.

_______________________________________________
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l