Al <alj62888(a)yahoo.com> writes:
Why would css/js of a site be considered insecure for
the special
pages like the login page if the site is already considered trusted in
general by the user?
Site-wide CSS/JS wouldn't normally be considered insecure. The original
bug creator was talking about their own global CSS/JS which is loaded,
if I understand correctly, via the Extension:GlobalCssJs[1] from
meta.wikimedia.org[2].
Footnotes:
[1]
https://www.mediawiki.org/wiki/Extension:GlobalCssJs
[2]
https://www.mediawiki.org/wiki/Help:Extension:GlobalCssJs
--
Mark A. Hershberger
NicheWork LLC
717-271-1084