Is there a bug filed for that?
On Sep 30, 2015 12:13, "Daniel Friesen" <daniel(a)nadir-seen-fire.com>
wrote:
On 2015-09-30 8:48 AM, Chris Steipp wrote:
* We disable site and user .js on
Special:UserLogin, so a malicious admin
can't add password sniffing javascript to the login page
Note that you can
make use of pushState to render this protection moot
for anyone who clicks the login link instead of directly visiting
UserLogin page. Which is practically everyone.
~Daniel Friesen (Dantman, Nadir-Seen-Fire) [
http://danielfriesen.name/]
_______________________________________________
MediaWiki-l mailing list
To unsubscribe, go to:
https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
_______________________________________________
MediaWiki-l mailing list
To unsubscribe, go to: