alt Hacker News > Based on the fact user scripts are globally disabled now I'm guessing this was a vector.
Browsers still allow for user scripts via tools like TamperMonkey and GreaseMonkey, and that's not enforceable (and arguably, not even trivially visible) to sites, including Wikipedia.
As I say that out loud, I figure there's a separate ecosystem of Wikipedia-specific user scripts, but arguably the same problem exists.
Replies
Wikipedianon • yesterday at 8:39 PM
The sitewide JavaScript/CSS is an editable Wiki page.
You can also upload scripts to be shared and executed by other users.
karel-3d • yesterday at 8:34 PM
This is apparently not done browser side but server side.
As in, user can upload whatever they wish and it will be shown to them and ran, as JS, fully privileged and all.
Yeah, wikipedia has its own user script system, and that was what was disabled.