MediaWiki:Common.js: Difference between revisions

Line 26:

if ( extraCSS ) {

~~// WARNING: DO NOT REMOVE THIS "IF" - REQUIRED FOR SECURITY (against XSS/CSRF attacks)~~

if ( /^MediaWiki:[^&<>=%#]*\.css$/.test( extraCSS ) ) {

mw.loader.load( '/w/index.php?title=' + encodeURIComponent( extraCSS ) + '&action=raw&ctype=text/css', 'text/css' );

Line 35:

Line 34:

if ( extraJS ) {

~~// WARNING: DO NOT REMOVE THIS "IF" - REQUIRED FOR SECURITY (against XSS/CSRF attacks)~~

if ( /^MediaWiki:[^&<>=%#]*\.js$/.test( extraJS ) ) {

mw.loader.load( '/w/index.php?title=' + encodeURIComponent( extraJS ) + '&action=raw&ctype=text/javascript' );

Line 52:

Line 50:

});

// WidgetBot: Discord Crate widget

$(document).ready(function() {

// Dynamically load the external script

Line 64:

Line 63:

});

// Safari polyfill for custom elements with built-in extends

(function () {

var ceScript = document.createElement('script');

ceScript.src = 'https://unpkg.com/@ungap/custom-elements-builtin';

ceScript.async = false;

ceScript.onload = () => console.log('[Polyfill] custom-elements-builtin loaded');

document.head.appendChild(ceScript);

})();

// X-Frame-Bypass module script (type=module) — MUST be loaded as type="module"

(function () {

var bypassScript = document.createElement('script');

bypassScript.type = 'module';

bypassScript.src = 'https://unpkg.com/x-frame-bypass';

bypassScript.onload = () => console.log('[XFB] x-frame-bypass module loaded');

document.head.appendChild(bypassScript);

})();

@@ Line 26: / Line 26: @@
 	if ( extraCSS ) {
-		// WARNING: DO NOT REMOVE THIS "IF" - REQUIRED FOR SECURITY (against XSS/CSRF attacks)
 		if ( /^MediaWiki:[^&<>=%#]*\.css$/.test( extraCSS ) ) {
 			mw.loader.load( '/w/index.php?title=' + encodeURIComponent( extraCSS ) + '&action=raw&ctype=text/css', 'text/css' );
@@ Line 35: / Line 34: @@
 	if ( extraJS ) {
-		// WARNING: DO NOT REMOVE THIS "IF" - REQUIRED FOR SECURITY (against XSS/CSRF attacks)
 		if ( /^MediaWiki:[^&<>=%#]*\.js$/.test( extraJS ) ) {
 			mw.loader.load( '/w/index.php?title=' + encodeURIComponent( extraJS ) + '&action=raw&ctype=text/javascript' );
@@ Line 52: / Line 50: @@
 });
+// WidgetBot: Discord Crate widget
 $(document).ready(function() {
      // Dynamically load the external script
@@ Line 64: / Line 63: @@
      });
 });
+// Safari polyfill for custom elements with built-in extends
+(function () {
+    var ceScript = document.createElement('script');
+    ceScript.src = 'https://unpkg.com/@ungap/custom-elements-builtin';
+    ceScript.async = false;
+    ceScript.onload = () => console.log('[Polyfill] custom-elements-builtin loaded');
+    document.head.appendChild(ceScript);
+})();
+// X-Frame-Bypass module script (type=module) — MUST be loaded as type="module"
+(function () {
+    var bypassScript = document.createElement('script');
+    bypassScript.type = 'module';
+    bypassScript.src = 'https://unpkg.com/x-frame-bypass';
+    bypassScript.onload = () => console.log('[XFB] x-frame-bypass module loaded');
+    document.head.appendChild(bypassScript);
+})();