Author: M8R-cyc3n3
Description:
The userlogin page does disable the MediaWiki:Common.js and
so on down to the user's javascript.
However, if a user has selected gadgets using specialprefs
and re-visits the userlogin page after logging in (perhaps
to switch to their other-other account :p) a malicious
gadget could go south with the password, just as easily as
it could on the specialprefs page where on-wiki javascript
is disabled for (I thought) the same concern.
Version: unspecified
Severity: enhancement
URL: http://i39.tinypic.com/29c2i2v.png
See Also:
https://bugzilla.wikimedia.org/show_bug.cgi?id=68521