Commit graph

1845 commits

Author SHA1 Message Date
Thiemo Kreuz 03ef969122 Show reference previews only on self-links
This solves the (I believe) only regression we introduced: A bad fake
reference like <span class="reference">[[Other article#Section]]</span>
showed a page preview for the "Other article" before we introduced
reference previews, but would have shown nothing after I9ec57e0.

Checking if the link is a self-link solves this and possibly more related
issues. Only self-links can point to a footnote on the same page.

Manually created fake-references like
<span class="reference">[[#Section]]</span> still have a chance to show
nothing in case the manually created HTML does not strictly follow the
expectations in the gateway. There is not much we can do about this. We
should not accept any arbitrary HTML but need to make at least *some*
assumptions.

Bug: T214970
Change-Id: I86e91bf45c3ae4c6a4086f7f1c7b1280fd400d17
2019-02-01 12:14:06 +01:00
Thiemo Kreuz f1fd3eafc4 Mark optional elements in the PreviewModel specification as such
We updated this documentation just recently via Ie370cfe. We followed
what the createModel() function does. But this is not the only way a
PreviewModel object can be created. Reference previews, for example,
don't use it.

Instead of following createModel(), I checked what the different popup
types actually use.

Bug: T214970
Change-Id: I2c4293a48387836dc30e18d10d952b4a26e6f2b5
2019-02-01 11:50:43 +01:00
Thiemo Kreuz 7db6508a77 Remove unused model elements from renderer tests
I do find these very confusing and would like to remove them:

* The test setup looks like these popup types are going to use
  these properties. But they don't. They are not even trying to
  access these properties.
* There are no assertions that make sure these properties are
  *not* used. It would be possible to add something like this,
  but I honestly think this is not worth it.

We might need to reflect this in the PreviewModel documentation
in src/preview/model.js. I would like to do this in a separate
patch.

Bug: T214970
Change-Id: I136112bfea7f732d2673bcb8c69aba9defe6ba85
2019-02-01 10:41:58 +00:00
WMDE-Fisch 0c0226c4ee Add and fix gateway/page module
Change-Id: Icd8e9e3a6f643ebba0c2bb9b4fcb84e1260d41ca
2019-02-01 11:14:00 +01:00
jenkins-bot 9ba5129777 Merge "Tests for the code deciding on the general gateway type" 2019-02-01 09:55:32 +00:00
jenkins-bot c9cbfb61b1 Merge "Factor out gateway selection" 2019-02-01 09:50:53 +00:00
WMDE-Fisch 9e641dfc86 Tests for the code deciding on the general gateway type
This tests the newly introduced code that decides if page or reference
previews should be used in the handling of a dwel event.

Bug: T214971
Change-Id: Ib20d00b7b9ee9b1ed82763137ec62e468e8f05f9
2019-02-01 10:35:27 +01:00
WMDE-Fisch dbb7e0fbdc Factor out gateway selection
This is mainly done to increase testabilty of this part. I am a bit
unsure if this should ( have been ) integrated in the former index.js
that's now the page.js. - See also the refactoring done before.

Bug: T214971
Change-Id: I90d0441510bc1ec0b4900a392afcbaff6a552377
2019-02-01 10:14:00 +01:00
Thiemo Kreuz 13015ad317 Fix a series of minor documentation issues in PHP code
E.g. type hints that have been missing, missing indention, and such.

Change-Id: I34610a03ad69d7988e9976a08a289c64121420ca
2019-02-01 09:42:14 +01:00
Translation updater bot 67f8129d17 Localisation updates from https://translatewiki.net.
Change-Id: I5b1994da1ca78fcd353327f19d9cd2a3b279e98d
2019-01-31 22:26:17 +01:00
WMDE-Fisch 31ee16938c Rename page gateway file
This is as preparation to introduce a gateway switch that decides if the
page or reference gatway should be selected. Moving that code to it's own
realm makes that path better testable.

Bug: T214971
Change-Id: I5efa9fb8f63f1487c627eb9a3f1fe47f43c611cc
2019-01-31 12:09:12 +01:00
Ed Sanders e1c4e94b23 build: Update eslint-config-wikimedia to 0.10.0
Also enable jquery ruleset.

Change-Id: Ie1f43d0335ea2aad1e2dd5d86b775316105c3d90
2019-01-31 11:05:33 +01:00
jenkins-bot ca8353cfbe Merge "Fix a series of issues with misdetected reference elements" 2019-01-31 09:36:00 +00:00
jenkins-bot 83ccfd34e9 Merge "Fix inconsistent font size in reference popups" 2019-01-31 09:30:58 +00:00
Thiemo Kreuz 515775685c Fix a series of issues with misdetected reference elements
This installs a series of safety nets:

* The selector [href*="#"] skips links without a fragment.

* It's still possible that a fragment exists, but is empty.
mwTitle.getFragment() checks this.

* The gateway does not assume the element exists, but checks this first.
If there is no such element, the gateway aborts the request in a way
that no error popup is shown. This is currently only possible with the
`{ textStatus: 'abort', xhr: { readyState: 0 } }` response as seen in
this patch. We might need to introduce a new, more clean way to silently
quit a fetchPreviewForTitle() call.

* The test for the reference gateway finally covers the scraping code.

Bug: T214970
Bug: T214971
Change-Id: I9ec57e0fbb0d21beaaa7b359c1c2bef64d2c14f5
2019-01-31 10:29:46 +01:00
Translation updater bot f3c4978b2b Localisation updates from https://translatewiki.net.
Change-Id: I5f1a7542627d1ce9828bc8f28df069b529efa1f9
2019-01-30 22:14:26 +01:00
Thiemo Kreuz 093ebf4725 Fix inconsistent font size in reference popups
See T213905#4908901.

Bug: T213905
Change-Id: Id52575f336498bc7f4f313ad838925b0eccdc7f4
2019-01-30 20:15:54 +01:00
Thiemo Kreuz a8859658f5 Add missing HTML escaping to all existing page preview types
Including tests for all situations.

I believe it is impossible or extremely hard to actually abuse any of
these places. All these data are not extracted from the current page, but
delivered either by MediaWiki's api.php or a RESTful endpoint, as
configured via $wgPopupsGateway and $wgPopupsRestGatewayEndpoint. A
possible attacker would need to write it's own endpoint (which must either
run on the same server or somehow ignore the CSRF token), and set the
value of mw.config.values.wgPopupsRestGatewayEndpoint on the client to
this endpoint – which requires just *another* attack vector to be able to
do this.

It's "the right thing"(tm) to escape all this anyway.

I found two possibly relevant security reviews of this extension, T88171
and T129177, resolved in 2015 and 2016.

Bug: T88171
Bug: T129177
Bug: T214754
Bug: T214971
Change-Id: I1d118c9ccaea434a253a772d18139b9b077118ab
2019-01-30 18:29:14 +01:00
jenkins-bot 52b932be16 Merge "Rewrite title module to preserve all link's #fragments" 2019-01-30 15:36:39 +00:00
jenkins-bot 4676be8ff1 Merge "Hygiene: rename NPM test:node to test:unit" 2019-01-30 08:12:33 +00:00
jenkins-bot 66d2169eff Merge "Avoid arrow functions in browser tests" 2019-01-29 18:00:03 +00:00
Thiemo Kreuz 0a8f591212 Rewrite title module to preserve all link's #fragments
This will affect all links, including [[Other page#Fragment]] for
example. But it will not have much of an effect there. The mw.Title
class is able to understand strings like "Other page#Fragment". All
old code calls title.getPrefixedDb() on the result. This will *not*
include the fragment. Only the new code will use title.getFragment().

I made sure this does not affect regular page previews, even when the
link is something like [[Other page#Fragment]].

Bug: T213415
Change-Id: I15611a44aa0477cc5e48ee4b12aae3cd981d977c
2019-01-29 17:43:28 +01:00
WMDE-Fisch 0c3d876b45 Avoid arrow functions in browser tests
Mocha discourages the usage of arrow functiones in the test specs since
Mocha context can't be accessed from inside.

I stumbled across this when using this.skip(); in the reference preview
selenium tests. Since it took me some time to figure out why it was not
working, I guess it's better to avoid lambdas generally there.

See https://mochajs.org/#arrow-functions

Change-Id: I95cb183ac88e9a624c449a8f9addbe84bf76c335
2019-01-29 16:37:37 +00:00
Thiemo Kreuz 0c889c4cd4 Add default OOUI reference icon to all reference popups
I tried hard to keep the CSS as small and robust as possible. The
icon will be align with the text by adding a negativ margin. With
that we also decided against using RTL and LTR specific icons that
are positioned at the edge of the canvas for now.

Bug: T213907
Change-Id: I98888114e1c50e249cf31e71749323bd4f69da3f
2019-01-29 17:06:40 +01:00
Thiemo Kreuz bb60d5b716 Move default "Footnote" title from gateway to renderer
I guess both is fine: either having the default in the gateway (as it
was before), or in the renderer (as this patch proposes). I, personally,
feel better with having it closer to where it is needed. This way it's
not possible to accidentially deliver a model object with an empty title.
The renderer will catch this.

At the moment we don't know exactly how we will fetch other titles (e.g.
"Book").

This change is split from I15611a4 where it was a little misplaced.

It also includes a test for the default fallback title.

Bug: T213907
Change-Id: I8ec3ddc21a417da7f95feff7b080cbd60d5472e7
2019-01-29 11:37:47 +01:00
Translation updater bot 0f79dcb36e Localisation updates from https://translatewiki.net.
Change-Id: I3a04b50fd2afce3f4883781e2f68e61c531546de
2019-01-28 22:27:13 +01:00
Thiemo Kreuz 6e5be9d2ef Add missing HTML escaping to reference preview renderer
Including tests. I also changed the title to include quotes as well,
even if not critical in that case.

Bug: T214754
Change-Id: I2f92a5714f7adc229a003f9167bcc9afdbc55583
2019-01-28 19:35:20 +01:00
Thiemo Kreuz 46cda9fa44 Add missing escaping for jQuery ID selector
Special characters that have a meaning in one of the many different input
formats jQuery accepts must be escaped.

The real-world use-case are references like <ref name=":1"> with a colon.
But it's many more characters that need escaping. See
http://api.jquery.com/category/selectors/

Note this patch misses a test. I already uploaded I9ec57e0 to fix the
currently incomplete tests. But I can't make it work. How do I create an
element in the test environment so that jQuery finds it?

I suggest to merge this and continue working on the tests later, because
this is currently one of the most annoying issues that makes all testing
unreliable.

Bug: T214710
Change-Id: Ifb5fe896936078f799298ac803d019d9caa048c8
2019-01-28 15:18:01 +01:00
Thiemo Kreuz 0859f2ed8d Also set rel="noopener" on target"_blank" links
The need for this is more a sign for a broken specification than an
actual issue with this code. But better be sure than sorry. More
details at
https://mathiasbynens.github.io/rel-noopener/

Bug: T214776
Change-Id: Idbcfae6d146fbbe3bff730239329beeb3455e18c
2019-01-28 12:04:40 +01:00
Translation updater bot 64d8837471 Localisation updates from https://translatewiki.net.
Change-Id: Ifde26234438d8a5945686c47c6406e0103ed6840
2019-01-26 22:17:40 +01:00
Translation updater bot 2a9e7062d0 Localisation updates from https://translatewiki.net.
Change-Id: I93c9a85b5cbcb5af480cad9d9dbfc1f94e422f98
2019-01-25 22:29:20 +01:00
Thiemo Kreuz 8d8446571e Open all links in a reference preview's content in new tabs
Bug: T213908
Change-Id: Iaadcce99b68542094333730d99f776d9e5f056f9
2019-01-25 14:00:17 +01:00
jenkins-bot 822569ea58 Merge "Replace rare {!…} and {?…} JSDoc syntax" 2019-01-24 20:07:27 +00:00
Thiemo Kreuz 97a5d335d7 Replace rare {!…} and {?…} JSDoc syntax
This is documented at http://usejsdoc.org/tags-type.html, but not in many
other places, especially not in the JSDuck documentation.

The {!…} syntax means "can not be null". This is the default anyway.

The {?…} syntax means nullable. In a few situation is was used when a
parameter can be undefined. I decided to remove it everywhere and replace
it with {…|null} when appropriate, because this is much more explicit. Less
syntax to remember.

Note I'm intentionally not using the […] syntax when a parameter is followed
by non-optional parameters. Actually skipping a parameter in such a situation
would mess the parameter order up. Having optional parameters not at the end
is sometimes used as a feature in JavaScript code, but not in this codebase,
as far as I can see.

Change-Id: Ie370cfe08c32d1af5b0341951bed044fc3511c57
2019-01-24 21:00:45 +01:00
Thiemo Kreuz 3c1eae29eb Add test for opening reference preview links in new tabs
Bug: T213908
Change-Id: I7fb72c9a1e2c4f827c0d94e3ee8b2ea992feb955
2019-01-24 19:57:44 +00:00
Thiemo Kreuz aa1b9cf407 Add QUnit test for reference preview renderer
I finally found the issue. It was an incomplete mock for the
mw.html.escape() function that would return the string unescaped.

Bug: T213415
Bug: T213908
Change-Id: I198393b3c72771e4018f79913ddb9f4cb2c0d4de
2019-01-24 19:57:31 +00:00
Thiemo Kreuz 553e76e2bc Add QUnit tests for most new reference preview code
Excluding tests for the renderer which keeps failing. This will be
readded in a later patch.

Bug: T213415
Bug: T213908
Change-Id: If79fa3d0a7a20f121b1ceda6e0e33ad691b1ad30
2019-01-24 19:35:38 +01:00
jenkins-bot 759f641acc Merge "Hygiene: move imports above constants" 2019-01-24 18:10:07 +00:00
Stephen Niedzielski 214795f829 Hygiene: move imports above constants
Make the imports more consistent by moving them to always appear above
declarations.

Change-Id: Ic1b6786d5daccf71898aeab3cb0ec2b64efe80f7
2019-01-24 08:33:29 -07:00
Stephen Niedzielski 6859d6f828 Hygiene: rename NPM test:node to test:unit
Rename the NPM test:node script to test:unit for consistency with
MobileFrontend.

Change-Id: I7329592ab5b375d816cd36a28a04cbe1d8f044a5
2019-01-24 08:29:27 -07:00
Thiemo Kreuz 7ca5d1fc9b Update PHPDocs and strict typing for array parameters
This does make generic `array` type hints more specific when possible.

I'm also applying my personal best practice to not have any @return
documentation on test @dataProviders. These don't provide any useful
information, and can't. The best type we could use is `@return array[]`,
but that would be the same for every single data provider. Copy pasting
these comments around is of no real value.

Also it was already inconsistent as some did not had this comment.

Change-Id: Id401c7e32493b6a9faaf6d47cddc01e2227102af
2019-01-24 15:44:26 +01:00
Derick Alangi 724d930c00 Remove irrelevant trailing forward slash from comment
Change-Id: Id0d148726bd198da2724393420b8f193950e0621
2019-01-24 15:20:53 +01:00
WMDE-Fisch 645aa24b7c Add browser tests for reference previews
The test setup was slightly refactored to be more general about
the type of the popup.

The additional reference links on the test page were added mostly
to be prepared for further tests of more complex cases.

On the CI the tests should be executed with having reference
popups enabled. The code tries to skip test when the feature is
disabled.

See I17687c62cc8d738a4eb41738c9ce6662a5ec68d8
and I1eb7409aa3bd111c2e461dfe245d95f7e78d416c

Bug: T213415
Change-Id: I74110c6227596ff10c75f5f0b0da3d952f11a239
2019-01-24 12:42:49 +00:00
WMDE-Fisch abc070a5e0 Enable reference popups by default
It is more convinient to have the feature enabled by default and set
it to false on the production servers. This makes it easier to use and
test by CI.

Depends-On: I36b4fb7615de5ff6670b70345abf7436538a6828
Change-Id: Iad3bc723e1dd5f79e770c9a2f66190ebcd7c8b9d
2019-01-24 10:27:41 +01:00
jenkins-bot bcd2bf8dcf Merge "Rename getPageSummary to fetchPreviewForTitle" 2019-01-23 19:28:39 +00:00
jenkins-bot 3869309f23 Merge "Add reference preview type" 2019-01-23 19:28:37 +00:00
Thiemo Kreuz 57fd85fc68 Rename getPageSummary to fetchPreviewForTitle
It's not exclusively about page summaries any more.

We had a few suggestions in mind:
* get, fetch, request, or issueRequest. But I feel these are all to
  generic and don't describe well what the method does. As a reminder:
  It expects a Title object and returns a promise, which returns a
  PreviewModel object, which contains an HTML "extract".
* fetchPreview? I feel this can still mean to many things.
* fetchPreviewModel? But we don't really need to repeat that it will
  return a model object.

So I went for fetchPreviewForTitle. What do you think?

Bug: T213415
Change-Id: Icb32c63cec82f72453dc1507c9f8b8d461fd4f4c
2019-01-23 17:50:19 +01:00
Thiemo Kreuz 671c39ef4a Add reference preview type
This adds support for preview popups on reference/footnotes from
the Cite extension. For that a new preview type was introduced and
integrated into the existing structures.

The essential starting points were this code comes into action are
added behind the feature flag introduced in the previous patches.

Bug: T213415
Change-Id: Ie0ccb03117bd654373d0f458b62cc52018361c67
2019-01-23 12:12:36 +01:00
Translation updater bot 926d744145 Localisation updates from https://translatewiki.net.
Change-Id: I89ca0f672720925fd393ddb6cdc55ae3506ef384
2019-01-22 22:17:42 +01:00
jenkins-bot 4800c27d34 Merge "Add feature flag to disable reference previews by default" 2019-01-22 15:42:19 +00:00