Page MenuHomePhabricator

Users should be warned againts putting arbitrary code to personal scripts
Closed, ResolvedPublic


When you attempt to edit eg. your own /common.js, you will see:

Please note: JavaScript subpages should not contain confidential data as they are viewable by other users.

I think this should be extended to warn against putting a code that for instance comes from another users' subpage.

Event Timeline

That's userjsispublic (and usercssispublic/userjsonispublic), FWIW.

See also T60291.

@Tgr: Both tasks are restricted for me. Feel free to close this task if it's redundant.

chasemp triaged this task as Medium priority.Dec 9 2019, 4:53 PM

Change 572415 had a related patch set uploaded (by Urbanecm; owner: Urbanecm):
[mediawiki/core@master] Inform users about common.js's power

Change 572415 merged by jenkins-bot:
[mediawiki/core@master] Inform users about common.js's power