Page MenuHomePhabricator
Create Task
Maniphest T200878

Users should be warned againts putting arbitrary code to personal scripts
Closed, ResolvedPublic
Actions

Description

When you attempt to edit eg. your own /common.js, you will see:

Please note: JavaScript subpages should not contain confidential data as they are viewable by other users.

I think this should be extended to warn against putting a code that for instance comes from another users' subpage.

Details

SubjectRepoBranchLines +/-
Inform users about common.js's powermediawiki/coremaster+6 -0
Customize query in gerrit

Related Objects

Event Timeline

matej_suchanek created this task.Aug 1 2018, 7:35 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptAug 1 2018, 7:35 AM
Tgr added a comment.Aug 1 2018, 12:04 PM

That's userjsispublic (and usercssispublic/userjsonispublic), FWIW.

See also T60291.

Tgr added a comment.Aug 1 2018, 12:05 PM

...and T186391.

matej_suchanek added a comment.Aug 1 2018, 12:51 PM

@Tgr: Both tasks are restricted for me. Feel free to close this task if it's redundant.

Phabricator_maintenance added a project: acl*security.Sep 20 2018, 9:14 AM
chasemp triaged this task as Medium priority.Dec 9 2019, 4:53 PM
Aklapper removed a project: Security-General.Dec 13 2019, 10:46 AM
chasemp added a project: Security.Feb 10 2020, 10:58 PM
gerritbot added a comment.Feb 15 2020, 4:57 PM

Change 572415 had a related patch set uploaded (by Urbanecm; owner: Urbanecm):
[mediawiki/core@master] Inform users about common.js's power

https://gerrit.wikimedia.org/r/572415

gerritbot added a project: Patch-For-Review.Feb 15 2020, 4:57 PM
Urbanecm claimed this task.Feb 15 2020, 5:27 PM
Restricted Application added a project: User-Urbanecm. · View Herald TranscriptFeb 15 2020, 5:27 PM
Urbanecm moved this task from Backlog to Waiting on review on the User-Urbanecm board.Feb 15 2020, 5:27 PM
sbassett subscribed.Feb 18 2020, 2:58 PM
gerritbot added a comment.Feb 19 2020, 6:53 PM

Change 572415 merged by jenkins-bot:
[mediawiki/core@master] Inform users about common.js's power

https://gerrit.wikimedia.org/r/572415

Urbanecm closed this task as Resolved.Feb 19 2020, 6:57 PM
ReleaseTaggerBot added a project: MW-1.35-notes (1.35.0-wmf.21; 2020-02-25).Feb 19 2020, 7:00 PM
Maintenance_bot removed a project: Patch-For-Review.Feb 19 2020, 7:11 PM
Jdforrester-WMF subscribed.Feb 19 2020, 8:25 PM

Thank you.

chasemp removed a project: acl*security.Feb 20 2020, 8:17 PM
Pppery merged a task: T16534: New informational security message for user .js pages.Apr 12 2023, 1:04 AM
Pppery added subscribers: bzimport, Krenair, Liuxinyu970226 and 2 others.
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL