mirror of
https://gerrit.wikimedia.org/r/mediawiki/extensions/Gadgets
synced 2025-01-22 10:35:36 +00:00
5d3a547c8b
?withgadget query parameters allows for ad-hoc loading of gadgets (after passing all other basic checks). This was recently added in I5b30d4e. In T29766#7611796 Gergo raised concerns about how this can be potentially abused. This patch aims to restrict the feature by giving gadgets latitude to either use it or not depending on the nature of the gadget. The patch does so by adding `supportsUrlLoad` option that gadgets (maybe those deemed safe) can use it to opt-in to the parameter. By default gadgets don't support it, so it can be enabled for each on a case-by-case basis. Bug: T29766 Change-Id: Ie64174085e650579d76cc862774a4fe1b3d08396
87 lines
2.1 KiB
JSON
87 lines
2.1 KiB
JSON
{
|
|
"$schema": "http://json-schema.org/schema#",
|
|
"description": "Gadget definition schema",
|
|
"type": "object",
|
|
"additionalProperties": false,
|
|
"properties": {
|
|
"settings": {
|
|
"type": "object",
|
|
"additionalProperties": false,
|
|
"properties": {
|
|
"rights": {
|
|
"description": "The rights required to be able to enable/load this gadget",
|
|
"type": "array",
|
|
"items": {
|
|
"type": "string"
|
|
}
|
|
},
|
|
"default": {
|
|
"description": "Whether this gadget is enabled by default",
|
|
"type": "boolean",
|
|
"default": false
|
|
},
|
|
"package": {
|
|
"description": "Whether this is gadget a packaged ResourceLoader module",
|
|
"type": "boolean",
|
|
"default": false
|
|
},
|
|
"hidden": {
|
|
"description": "Whether this gadget is hidden from preferences",
|
|
"type": "boolean",
|
|
"default": false
|
|
},
|
|
"skins": {
|
|
"description": "Skins supported by this gadget; empty or true if all skins are supported",
|
|
"type": [ "array", "boolean" ],
|
|
"items": {
|
|
"type": "string"
|
|
}
|
|
},
|
|
"actions": {
|
|
"description": "Page actions on which the gadget is supported",
|
|
"type": "array",
|
|
"items": {
|
|
"type": "string"
|
|
}
|
|
},
|
|
"category": {
|
|
"description": "Key of the category this gadget belongs to",
|
|
"type": "string",
|
|
"default": ""
|
|
},
|
|
"supportsdirectload": {
|
|
"description": "Whether this gadget supports ?withgadget query parameter",
|
|
"type": "boolean",
|
|
"default": false
|
|
}
|
|
}
|
|
},
|
|
"module": {
|
|
"type": "object",
|
|
"additionalProperties": false,
|
|
"properties": {
|
|
"scripts": {
|
|
"type": "array",
|
|
"description": "List of JavaScript pages included in this gadget"
|
|
},
|
|
"styles": {
|
|
"type": "array",
|
|
"description": "List of CSS pages included in this gadget"
|
|
},
|
|
"datas": {
|
|
"type": "array",
|
|
"description": "List of JSON pages included in this gadget"
|
|
},
|
|
"dependencies": {
|
|
"type": "array",
|
|
"description": "ResourceLoader modules this gadget depends upon"
|
|
},
|
|
"messages": {
|
|
"type": "array",
|
|
"description": "Messages this gadget depends upon"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|