Make javascript editing permissions more fine grained and separate from normal editinterface right
Open, Needs TriagePublic

Description

The most dangerous permission admins have is JS editing - but its also only used by a minority of admins. Additionally, editing other user personal js/css is pretty dangerous, and rather rarely needed.

We should be able to move that to a separate group (This bug is only about having the technical ability to do so within MediaWiki. Whether or not its a good idea to do so on WMF wikis, and whether its politically acceptable are separate discussions, and out of scope of this bug)

Things to do:
*Separate interface messages into normal interface, raw html, and js/css files. Have different permissions for the different types, or at least editinterface vs editinterface-scriptable.
**This is mostly easy, but tracking down all raw html messages might be annoying. Especially, lots of extensions seem to use raw html-ish stuff in js. (See also T2212)

Bawolff created this task.Dec 8 2015, 11:46 PM
Bawolff updated the task description. (Show Details)
Bawolff raised the priority of this task from to Needs Triage.
Bawolff added a project: Security-Team.
Bawolff added subscribers: Bawolff, csteipp.
Restricted Application added subscribers: StudiesWorld, Aklapper. · View Herald TranscriptDec 8 2015, 11:46 PM
TTO added a subscriber: TTO.Dec 9 2015, 12:38 AM
Nirmos added a subscriber: Nirmos.Sep 9 2017, 2:25 AM
Mattflaschen-WMF renamed this task from Make javascript editing permissions more fine grained and separate from normal edit-interface to Make javascript editing permissions more fine grained and separate from normal editinterface right.
Mattflaschen-WMF added subscribers: OdMishehu, Tgr.