On 04/06/2009, at 4:08 PM, Daniel Kinzler wrote:
David Gerard schrieb:
2009/6/4 Gregory Maxwell
<gmaxwell(a)gmail.com>om>:
Restrict site-wide JS and raw HTML injection to a
smaller subset of
users who have been specifically schooled in these issues.
Is it feasible to allow admins to use raw HTML as appropriate but not
raw JS? Being able to fix MediaWiki: space messages with raw HTML is
way too useful on the occasions where it's useful.
Possible yes, sensible no. Because if you can edit raw html, you can
inject
javascript.
When did we start treating our administrators as potentially malicious
attackers? Any administrator could, in theory, add a cookie-stealing
script to my user JS, steal my account, and grant themselves any
rights they please.
We trust our administrators. If we don't, we should move the
editinterface right further up the chain.
--
Andrew Garrett
Contract Developer, Wikimedia Foundation
agarrett(a)wikimedia.org
http://werdn.us