You don't have to inject javascript to do user tracking. This is possible with all kind of raw html that leads to inclusion of external elements, including style defs for ordinary markup. John
Daniel Kinzler skrev:
David Gerard schrieb:
2009/6/4 Gregory Maxwell gmaxwell@gmail.com:
Restrict site-wide JS and raw HTML injection to a smaller subset of users who have been specifically schooled in these issues.
Is it feasible to allow admins to use raw HTML as appropriate but not raw JS? Being able to fix MediaWiki: space messages with raw HTML is way too useful on the occasions where it's useful.
Possible yes, sensible no. Because if you can edit raw html, you can inject javascript.
-- daniel
Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l