Is there a bug filed for that? On Sep 30, 2015 12:13, "Daniel Friesen" <[email protected]> wrote:
> On 2015-09-30 8:48 AM, Chris Steipp wrote: > > * We disable site and user .js on Special:UserLogin, so a malicious admin > > can't add password sniffing javascript to the login page > Note that you can make use of pushState to render this protection moot > for anyone who clicks the login link instead of directly visiting > UserLogin page. Which is practically everyone. > > ~Daniel Friesen (Dantman, Nadir-Seen-Fire) [http://danielfriesen.name/] > > > _______________________________________________ > MediaWiki-l mailing list > To unsubscribe, go to: > https://lists.wikimedia.org/mailman/listinfo/mediawiki-l > _______________________________________________ MediaWiki-l mailing list To unsubscribe, go to: https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
