Wikipedia talk:User scripts

To help centralize discussions and keep related topics together, Wikipedia talk:User scripts/ListWikipedia talk:User scripts/List and Wikipedia talk:User scripts/RankingWikipedia talk:User scripts/Ranking redirect here.

This project page does not require a rating on Wikipedia's content assessment scale. It is of interest to the following WikiProjects:

Wikipedia Help Low‑importance This page is within the scope of the Wikipedia Help Project, a collaborative effort to improve Wikipedia's help documentation for readers and contributors. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks. To browse help related resources see the Help Menu or Help Directory. Or ask for help on your talk page and a volunteer will visit you there.Wikipedia HelpWikipedia:Help ProjectTemplate:Wikipedia Help ProjectHelp Low This page has been rated as Low-importance on the project's importance scale. JavaScript This page is within the scope of WikiProject JavaScript, a collaborative effort to improve the coverage of articles related to JavaScript, and to the development of user scripts for use on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.JavaScriptWikipedia:WikiProject JavaScriptTemplate:WikiProject JavaScriptJavaScript

Archives (index)

Index 1, 2, 3, 4, 5, 6, 7

This page has archives. Topics inactive for 90 days are automatically archived 1 or more at a time by Lowercase sigmabot III if there are more than 4.

See here for a complete list of archives and other subpages from the deprecated WikiProject User scripts.

@GhostInTheMachine, what do you mean by not yours to change? Scripts can be added to this list by any user, so I'd assume any user can improve their short description on this page, just as they can improve the script's documentation. Am i missing something? FaviFake (talk) 13:52, 28 December 2025 (UTC)[reply]

Yeah, script authors don't WP:OWN the descriptions. Plus it was a small and reasonable copyedit that did not change the substance of the description. Nardog (talk) 23:40, 28 December 2025 (UTC)[reply]

Are they updated automatically? I've just added a script that has at least a few users and it shows N/A. Alaexis_¿question? 08:02, 12 February 2026 (UTC)[reply]

It's taken from WP:TOPSCRIPTS. Your script seems to have 15 users, which is more than the lowest in that list, so it should be on there, but it seems to be missing due to the bug discussed on the talk page. Now that you've added it to /List, it should be picked up by the bot's next run. Nardog (talk) 10:47, 12 February 2026 (UTC)[reply]

Thanks! Alaexis_¿question? 19:09, 12 February 2026 (UTC)[reply]

In the § Security section, I think we could mention that users can import a specific revision of a userscript that cannot be modified by its author or IAs—essentially importing and "locking" it to a certain version. I wasn't aware of it before I saw fifteen thousand two hundred twenty four's common.js.

I was thinking of adding something along the lines of:

If you want to use a specific revision of a script but don't want to copy its code, you can use the oldid URL parameter while importing it. This ensures that further updates or modifications to the script don't affect you. For example, to install the revision 1258977770 of the QuickEdit script:

mw.loader.load( '/w/index.php?title=User:BrandonXLF/QuickEdit.js&oldid=1258977770&action=raw&ctype=text/javascript' );

Thoughts? — DVRTed (Talk) 14:39, 28 February 2026 (UTC)[reply]

I think it goes both ways, if e.g. there's an XSS in the userscript, you now aren't automatically going to get the update and now the "security" feature has left you insecure. More realistically, changes to MediaWiki or something else require a change to the user script, which you either review or you don't, you update the oldid and it's good. Repeat this a few times, and in one of these changes someone slips in a security bug as part of a routine compatibility fix, and oops, you're pwned.

So yes, it could improve security, but it could just as easily risk leaving users exposed to previously fixed issues while lulling them into a false sense of security. Legoktm (talk) 18:06, 28 February 2026 (UTC)[reply]

Using a Subresource Integrity check instead of the oldid solves the first problem. When the script is updated, it will just stop working.

But neither of these methods will help if the script you're importing is just little stub importing a "core" script. You'll need to talk the script author into including an oldid or SRI check, too. SRI won't work for ES6 modules and WebWorkers but the oldid is probably good enough so long as there's big screaming comment saying e.g. /* IF YOU FIX ANY SECURITY HERE BUGS REMEMBER TO ALSO UPDATE blah blah blah */. Suffusion of Yellow (talk) 20:39, 28 February 2026 (UTC)[reply]

This page is updated by a bot and also shows many user scripts along with gadgets and other tools (if data was set on whether it's a user script, it could be filtered or sorted):

d:Wikidata:List of Wikimedia tools with Wikidata item

Thought I'd leave this here, for example as people watching this page may be interested in getting the data in the table here into Wikidata.

Its structured data allows querying tools for example and one can add further structured data such as the link of the issue tracker if available or a screenshot showing its functionality. For the user scripts that already have a Wikidata item, useful data that's currently missing in Wikidata is the number of the script's users which is shown here via Template:User script table row (apparently by Nardog). Maybe this data could be imported into Wikidata with some batch import or maybe there could be some technical development that enables dynamic display of that data within Wikidata or via SPARQL in the Wikidata query service (which the ListeriaBot can use). Prototyperspective (talk) 11:57, 2 March 2026 (UTC)[reply]