I still don't see how this javascript proxy adds extra
vulnerabilities. The only difference between having a proxy, is the
advantage of being able to directly use an xmlhttprequest. Introducing
this proxy will still only allow local sysops to add toolserver
JavaScript to the wiki.
Being a sysop, what I would then is: var req=sajax_init_request();
req.open('GET', '/tools/~bryan/evil-script');. What I now do is
document.write('<script
src="http://tools.wikimedia.de/~bryan/evil-script"></script>').
This
still executes JavaScript being out of revision control.
Bryan