While investigating T70521 today, me and Helder noticed that user-created CSS is loaded on Special:Preferences and Special:UserLogin. Both special pages call $out->disallowUserJs(), which only controls TYPE_SCRIPTS, not TYPE_STYLES or TYPE_COMBINED.
Is this a bug? Or is it safe for CSS to run on those pages?
Version: unspecified
Severity: normal
See Also: