Separate right for foreign user js redirects
Require a new editmyuserjsredirect permission for users to edit
Javascript redirects in their userspace when the redirect target
is not in their userspace (unless they have edituserjs and can
edit any user JS anyway). This is to prevent attacks where a
popular userscript has been moved into the system namespace or
another safe location but many users still load it through the
original userspace redirect, and the attacker manages to take
over the userspace by compromising the account or getting it
renamed.
Since this is only a concern on large community wikis, by
default all users have the editmyuserjsredirect permission.
Bug: T207750
Change-Id: I36a879d5da04cb6f49ed1bc40dbe144f6862c6a1
Depends-On: I072cf857c1fff4578402904aa9cb5a0c8833f16f