On Mon, 2003-09-29 at 05:26, tarquin wrote:
bummer. :(
I was using that facility to upload work on Wikipedia skins :(
Any chance you could reenable it on Meta?
Well, then you could only steal peoples' _meta_ passwords. :)
Actually, I haven't changed the test wiki, so you should be able to
upload live HTML pages to
test.wikipedia.org. No one would be using real
passwords there, anyway, so the danger's just in 'annoying' javascript.
(Like, open a million windows of goatse.cx and the hamster dance.)
Could you make it somehow mung any <script>
elements for safety?
Hypothetically, but that's more work and very hard to do safely, and you
still can't demo anything with javascript in it.
-- brion vibber (brion @
pobox.com)