Note: The reason I have made this inclusion is to cut down on the size of the code of my signature that displays in edit windows so as to not inconvenience other editors when they edit talk pages. My signature is protected, the only individuals that can possibly vandalize it are sysops. Therefore, the risk of vandalism is essentially negated (at this point not even I can vandalize my current signature). As to concerns about cache, I have no intention of altering this inclusion in the future and thus my signature shall remain unchanged across any previous talk page posts of mine and the Wikimedia servers shall never be taxed having to re-cache them. If I decide to change my signature in the future the new signature will beccome s2.js (rather than the current s1.js) and subsequent changes shall follow that pattern. As well, even if my signature were not in a protected state the only individuals who'd be able to edit it would be myself and sysops due to the fact that it ends in .js, non-sysop editors cannot edit the .js files of other editors. ( → Netscott) 15:23, 18 March 2007 (UTC)
Why is it .js when it seems to be (HT|X)ML without any scripting? I'm curious if this is a possible security hole in the WikiMedia engine - kind of like a cross site scripting hack, but without actually crossing sites. — RevRagnarok Talk Contrib 17:48, 8 March 2007 (UTC)
- Because JS pages in my user space are only editable by myself and administrators. This essentially negates the possiblity that my signature will be a target for vandalism. I haven't tested to see if I can include unauthorized javascript on a given page in this way but if that is possible then obviously such a thing would be a security concern. (
→
Netscott) 17:55, 8 March 2007 (UTC)
- OK, so you're not sure either. I think I may take it to the pump (tech) to see what others think. — RevRagnarok Talk Contrib 18:03, 8 March 2007 (UTC)
- Oh yeah, the page itself in the noinclude tag says to see /doc which is now blank (but exists) while if I pull up the source then it directs me to this talk page. You may want to tweak that. ;) — RevRagnarok Talk Contrib 18:05, 8 March 2007 (UTC)
Note: The reason I have made this inclusion is to cut down on the size of the code of my signature that displays in edit windows so as to not inconvenience other editors when they edit talk pages. My signature is protected, the only individuals that can possibly vandalize it are sysops. Therefore, the risk of vandalism is essentially negated (at this point not even I can vandalize my current signature). As to concerns about cache, I have no intention of altering this inclusion in the future and thus my signature shall remain unchanged across any previous talk page posts of mine and the Wikimedia servers shall never be taxed having to re-cache them. If I decide to change my signature in the future the new signature will beccome s2.js (rather than the current s1.js) and subsequent changes shall follow that pattern. As well, even if my signature were not in a protected state the only individuals who'd be able to edit it would be myself and sysops due to the fact that it ends in .js, non-sysop editors cannot edit the .js files of other editors. ( → Netscott) 15:23, 18 March 2007 (UTC)
Why is it .js when it seems to be (HT|X)ML without any scripting? I'm curious if this is a possible security hole in the WikiMedia engine - kind of like a cross site scripting hack, but without actually crossing sites. — RevRagnarok Talk Contrib 17:48, 8 March 2007 (UTC)
- Because JS pages in my user space are only editable by myself and administrators. This essentially negates the possiblity that my signature will be a target for vandalism. I haven't tested to see if I can include unauthorized javascript on a given page in this way but if that is possible then obviously such a thing would be a security concern. (
→
Netscott) 17:55, 8 March 2007 (UTC)
- OK, so you're not sure either. I think I may take it to the pump (tech) to see what others think. — RevRagnarok Talk Contrib 18:03, 8 March 2007 (UTC)
- Oh yeah, the page itself in the noinclude tag says to see /doc which is now blank (but exists) while if I pull up the source then it directs me to this talk page. You may want to tweak that. ;) — RevRagnarok Talk Contrib 18:05, 8 March 2007 (UTC)