User talk:Pfctdayelise/Cookieblock.js

Inserting code into a registered user's Javsascript file can modify the user's Wikimedia Commons cookie to disallow them rights such as editing or uploading (the concept of being "blocked").

After the user tries to login to Wikimedia Commons and thus loads their Javascript file, their browser cookie is thus modified. The cookie only applies to a specific browser on a specific computer, but it will apply to all users who use that browser on that computer and try to access Wikimedia Commons. Because this could potentially affect public access computers, the block period here is only 24 hours and not 10 years or some other indefinitely long period.

More specific/finely grained blocking is possible, such as blocking uploading only, and blocking a user from editing specific pages or namespaces.

Users who currently have this code in their JS file can be found by checking Special:Whatlinkshere.

A registered user who has such a block put on them could evade it and edit anonymously by any of the following methods:

• Switching computers (and not trying to log in)
• Switching browsers (and not trying to log in)
• Disabling cookies
• Disabling javascript (may allow them to login?) and clearing cookies
• Using javascript to undo the changes
• Changing their user javascript (if they can evade an edit block) and clearing cookies

The user will be able to edit (or perform the action disallowed by the block) using their account when:

• If the user stops using the account, for 24 hours or until they clear their cookies; or
• The code is removed from the JS page and either 24 hours pass, or they clear their cookies.

Instructions[edit]

To block a user with this method, add the desired code to the User:Username/monobook.js file for the user you want to block.

If the user logs on while this is in their js, their browser gets a 24hour cookie block. They don't have to edit to get the cookie, they only need to view pages while logged in.

86400000 represents a time period of 24 hours.

Normal block (blocks editing and uploading)[edit]

var date = new Date(); date.setTime(date.getTime()+86400000);
document.cookie = "evilbit=True; expires=" + date.toGMTString() + "; path=/";
//[[MediaWiki talk:Cookieblock.js]]

Upload-only block (user can still edit)[edit]

var date = new Date(); date.setTime(date.getTime()+86400000);
document.cookie = "evilbit=Upload; expires=" + date.toGMTString() + "; path=/";
//[[MediaWiki talk:Cookieblock.js]]

Upload-only block, one account only (user can change accounts to evade)[edit]

function blockupload() {
     document.getElementsByName("wpUpload")[0].disabled=true;
}
addOnloadHook(blockupload);

Fast unblock (switch the block to this to avoid the 24hour wait)[edit]

Just removing the code from the JS page will not remove the cookie - it will still take 24 hours to expire. This sets the cookie to expire after one minute (time 60000) and also sets it to have no effect (evilbit=False).

var date = new Date(); date.setTime(date.getTime()+60000);
document.cookie = "evilbit=False; expires=" + date.toGMTString() + "; path=/";
//[[MediaWiki talk:Cookieblock.js]]

Specific page only block (user can still edit all other pages, and upload)[edit]

TBC

Specific namespace only block (user can still edit all other namespaces, and upload)[edit]

TBC

Has this been tried? I see two problems with this:

• The javascripts aren't always loaded when changed (as they have been loaded some minutes before and are on browser cache). Thus, the blocking may not work immediatly.
• The 'block' needs to be removed when the cookie has been loaded by the user browser. When's that? How much to wait? How easy is to remove them?

Platonides 22:20, 18 December 2006 (UTC)[reply]

Template:JS migration Hello! This script has been detected as using deprecated parameters that need to be replaced with the updated version. Examples include addOnloadHook() needs to be replaced with $(); all wgGlobalVariables need to be properly gotten with mw.config.get( 'wgGlobalVariable' ); and addPortletLink needs to be called with mw.util.addPortletLink. Please see MW:ResourceLoader/Legacy JavaScript for details. Thank you. — {{U|Technical 13}} ^{(e • t • c)} 22:10, 18 January 2015 (UTC)[reply]