On 2018-06-11 15:28, Petr Bena wrote:
Is there any historical evidence that sysops being
able to edit JS /
CSS caused some serious issues? Your point that "most of
administrators don't understand JS / CSS" is kind of moot. They are
usually trustworth and intelligent people. They don't mess up with
something they don't understand and therefore it makes little sense to
restrict them from being able to do that.
Yes, in the recent months there have been several incidents of a sysop
accounts on Wikimedia wikis being taken over by an attacker, and the
first thing done by the compromised accounts was adding nasty code to
sitewide JavaScript to take over further accounts.
--
Bartosz Dziewoński