On Fri, Sep 26, 2008 at 12:04 PM, Tei oscar.vives@gmail.com wrote:
> so... what stops a malicious banner script from inserting viagra links on random wikipedia articles?
Nothing except the external link filter, the captcha, and a lot of editors ready to revert them.
> other than 2 unixtimes, and the md5 of summary, I don't see how this is protected at all.
For anon users, the edit token exists to ensure integrity of the submission, i.e., that it was submitted correctly and as intended. For logged-in users, it also makes impersonation more difficult. It is not meant to prevent incorrect submissions, which is a much higher-level job.