Page MenuHomePhabricator

User script on user subpage doesn't work after user rename
Open, Needs TriagePublic

Description

When a user is renamed, their user scripts too, but on the old title a redirect is set to the new (Eg: Old title and New title). And recently a user found that the script doesn't work for anyone who had installed the script before rename.

As a lot of users get renamed every day, it is not possible to fix these plus they require an interface admin.

Event Timeline

Restricted Application added a subscriber: Aklapper. · View Herald Transcript
1997kB updated the task description. (Show Details)

Can't reproduce, the redirect works fine with my Firefox 78.6.1 ESR on Debian buster. Which browser are you using?

I am using Chrome Version 87.0.4280.141. Tried firefox 84.0.2 and I can reproduce it.

Ah, that explains it (and why I couldn't reproduce by just copying and pasting the code to my browsers console). Tagging security for awareness.

Aklapper renamed this task from User scipt doesn't work after rename to User script on user subpage doesn't work after user rename.Jan 18 2021, 4:24 PM

I think URL breakage is intended, see T207603: Loading JS from user space where the username is not a registered account is dangerous and should be banned.

Any proposals what else to do? "Block" the previous username forever?

Currently old username is added to antispoof so only an account creator or admin can register them, but if that's not enough, I support it blocking forever (only when js pages are involved and there's a redirect) instead of breaking all these scripts.

Security tasks {T256558} and {T183212} may be relevant