Board Thread:General Discussion/@comment--20150814190019/@comment-5590118-20150817140132

213.120.234.122 wrote: You say only 4% of communities have custom JavaScript, but that still is13200 communities which are inconvenienced. Also people make repeat edits, how are people supposed to test JavaScript with this review process?

For God's sake, just put the damn login form on a seperate, JS-free page! Surely that would solve  many security concerns! Why have you not addressed that issue, staff? Get your act togethor. You test JS by typing it out in a text editor, pasting it into your browser console, and checking for error/unexpected behavior. If it is functioning fine then write it to a page, if not then rinse and repeat.

As stated many times though the login form is not the only security issue. The main issue is that there are thousands of wikis that are unmonitored and anyone can write w/e JS they want and put it on one. After putting malicious code on one and luring users to it you can do quite a bit of damage as seen. The issues lie within a completely unchecked system where all JS can be put anywhere, not just in the login form.