First of all, I hope that you can forward it off to wikitech, but it seems that a malicious user at Wikibooks used their user JS to do some page move vandalism (see [[b:en:User:Vandel Damon/monobook.js]] for the JS in question). It's not much of a security loophole as it is undesirable for the wiki community, seeing that a lot of people would have to undo a lot of page moves.
If there was some way in the back end to prevent this, it would be appreciated.
kelvSYC wrote:
> First of all, I hope that you can forward it off to wikitech, but it seems that a malicious user at Wikibooks used their user JS to do some page move vandalism (see [[b:en:User:Vandel Damon/monobook.js]] for the JS in question). It's not much of a security loophole as it is undesirable for the wiki community, seeing that a lot of people would have to undo a lot of page moves.
> If there was some way in the back end to prevent this, it would be appreciated.
There's nothing malicious you can do from *your own* user javascript that you can't do from a different form of client-side script or bot.
In interactions between the server and a client, JavaScript is exactly equivalent to user-performed actions and non-browser bots.
Even if we tried to place restrictions on user JavaScript or disable it entirely, there is no way to protect against that distinct from general restrictions on submissions from some user. The malicious user could trivially substitute JavaScript that comes from their local machine or another source, a modifying proxy to insert it, or use a different client-side tool to perform equivalent processing.
-- brion vibber (brion @ pobox.com)
> Even if we tried to place restrictions on user JavaScript or disable it entirely, there is no way to protect against that distinct from general restrictions on submissions from some user. The malicious user could trivially substitute JavaScript that comes from their local machine or another source, a modifying proxy to insert it, or use a different client-side tool to perform equivalent processing.
It's too bad we can't prevent massive damage that may result from this. Oh well...
kelvSYC wrote:
>> Even if we tried to place restrictions on user JavaScript or disable it entirely, there is no way to protect against that distinct from general restrictions on submissions from some user. The malicious user could trivially substitute JavaScript that comes from their local machine or another source, a modifying proxy to insert it, or use a different client-side tool to perform equivalent processing.
> It's too bad we can't prevent massive damage that may result from this. Oh well...
Any sysop can modify another user's javascript. So you could use that fact to determine his IP address even if he was behind a proxy, or encourage him to install malicious ActiveX, or crash his browser. Let's just say it wasn't a good choice of platform on his part.
-- Tim Starling
wikimedia-l@lists.wikimedia.org