On 11/6/14 4:45 PM, Chris Steipp wrote:
For me, I like knowing that when I login on a random wiki in our cluster, a site admin can't have (maliciously or unintentionally) put javascript on the login page to sniff my password. I'd prefer Kunal's patch had a feature flag so we could disable this on WMF wikis, but sites with robust auditing of their common.css can enable it.
I've amended https://gerrit.wikimedia.org/r/#/c/165979/3 to be controlled by a config setting.
-- Legoktm