On 9/10/07, Brion Vibber brion@wikimedia.org wrote:
I'm not sure this is a distinction that should be made in core. Anyone with editinterface can effectively take over another user account anyway if not stopped, can't they?
Only until we finish getting rid of the HTML messages. :)
You mean to get rid of MediaWiki:Common.js too? (Okay, that's not relevant to sites that set $wgSiteJs = false or whatever, so sue me.)
And anyone with editusercssjs can likewise pose almost any security risk as someone with editinterface. There's no reason to have this different except discouragement.
I'd disagree; they're rather distinct in essence.
Editing site JS is not so much different than editing other users' JS no matter how you cut it, at least not in practice.