Last modified: 2006-03-02 02:23:26 UTC
There is a possible security problem with signatures. In a worst-case scenario, if a user were to have a signature like the following: <div class="plainlinks">'''[http://my.bad.page BadUser]'''</div> ...and leave a message on the talk page of a steward, the steward may then click on the link to respond. Using AJAX, it is possible for the linked-to page to use JavaScript to make the user a bureaucrat and then redirect the steward to a page, so that the steward does not suspect anything. The user could then wreak untold havoc on Wikimedia sites until s/he is caught. For this reason, it may be best to disable the use of the "plainlinks" class.
(In reply to comment #0)
> Using AJAX, it is possible for the page that is linked
> to to use javascript to make the user a bureaucrat and then redirect the steward
> to a page, so that the steward does not suspect anything. The user could then
> wreak untold havoc on Wikimedia sites until s/he is caught. For this reason, it
> may be best to disable the use of the "plainlinks" class.

What would the exact mechanics of that be, pray tell? The only way that would work is if some script was embedded into the user rights page on Meta. In addition, we check the edit token of users to prevent spoofing user credentials. Finally, a local bureaucrat could not "wreak untold havoc on Wikimedia sites" because they're local.
1) This has nothing to do with signatures; all wikitext may contain such links.
2) The plainlinks class suppresses only the extra link icon; external links still retain the external link color.
3) The plainlinks class doesn't suppress the URL title or the status bar, which plainly show any external link.
4) As mentioned above, there is protection against offsite form submissions for sensitive functions, so there's no vulnerability to exploit.
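Comments #1 and #2 both rest on the edit-token check: a sensitive form submission is honoured only if it carries a token that the submitting page could only have obtained from the victim's own session, which a page on another origin cannot read or compute. The following is an added illustration of that mechanism written for this thread; it is not MediaWiki's code. The request and session dicts, the field name `editToken`, the handler name and the session ids are all constructed stand-ins.

```python
import hashlib
import hmac
import secrets
from typing import List, Optional, Tuple

# Constructed per-deployment secret; a real site would load this from configuration.
SERVER_SECRET = secrets.token_bytes(32)


def make_edit_token(session_id: str) -> str:
    """Derive a token bound to one login session.

    Binding to the session is the whole point: a page on a foreign origin can
    neither read the victim's session cookie nor reproduce this MAC.
    """
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def token_matches(session_id: str, presented: Optional[str]) -> bool:
    """Constant-time comparison; a missing token never matches."""
    if not presented:
        return False
    return hmac.compare_digest(make_edit_token(session_id), presented)


def handle_user_rights_post(request: dict, session: dict) -> Tuple[int, str]:
    """Simulated handler for a sensitive 'change user rights' form.

    `request` and `session` are plain dicts standing in for a web framework's
    objects (assumed shape: request['method'], request['form'],
    session['id'], session['is_bureaucrat']).
    """
    if request.get("method") != "POST":
        return 405, "rights changes must be submitted by POST"
    if not session.get("is_bureaucrat"):
        return 403, "only bureaucrats may change user rights"
    # The token check is the cross-site defence: the browser attaches the
    # session cookie to any request, including one forged from another site,
    # but a forged request cannot carry a token derived from that session.
    presented = request.get("form", {}).get("editToken")
    if not token_matches(session["id"], presented):
        return 403, "edit token missing or invalid"
    form = request["form"]
    return 200, f"granted {form['group']} to {form['user']}"


def demo() -> List[Tuple[int, str]]:
    """Run three constructed requests against one bureaucrat session.

    Only the first request, submitted from the site's own form with the
    session-bound token, is accepted; the two cross-site submissions are
    rejected even though the bureaucrat's cookie accompanies them.
    """
    bureaucrat = {"id": "sess-bureaucrat-0001", "is_bureaucrat": True}
    other = {"id": "sess-other-9999", "is_bureaucrat": False}
    fields = {"user": "BadUser", "group": "bureaucrat"}

    # 1. Legitimate submission: token was rendered into the bureaucrat's own page view.
    legit = {"method": "POST",
             "form": {**fields, "editToken": make_edit_token(bureaucrat["id"])}}
    # 2. Cross-site submission with no token at all.
    no_token = {"method": "POST", "form": dict(fields)}
    # 3. Cross-site submission carrying a token minted for a different session.
    wrong_session = {"method": "POST",
                     "form": {**fields, "editToken": make_edit_token(other["id"])}}

    return [handle_user_rights_post(r, bureaucrat)
            for r in (legit, no_token, wrong_session)]


if __name__ == "__main__":
    for status, message in demo():
        print(status, message)
```

The comparison uses `hmac.compare_digest` so that token verification does not leak timing information, and the token is a MAC over the session id rather than a random value stored server-side, which keeps the check stateless; either design works as long as the value is unreadable from a foreign origin.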