Board Thread:General Discussion/@comment-7094291-20150818043319/@comment-7094291-20150818043603

Oh, and if anyone could explain the logic behind needing lenghty reviews for javascript, it would be appreciated. To me, it seemed like someone simply wrote a script to go through all of the wiki's that weren't locked down and add additional javascript to them.

To me this seems like it would be easy enough to prevent this by only allowing admins and/or people who admins grant javascript edit abilities to directly to edit javascript. New users wouldn't be admins and therefore couldn't edit the javascript similar to the recent attack.

Or are there more security holes I'm not aware of?