Commit graph

2228 commits

Author SHA1 Message Date
Thiemo Kreuz 5bc4ed8f9f Exclude links in popups to trigger other popups
We discovered a bunch of possible solutions (see previous patch sets),
including replacing the `$( document )` selector with a more specific
one. That idea does not pass the linter.

Very late I realized the original selector starts with
`#mw-content-text`. This heavily limits where popups are allowed to
appear: really only in the main text content area.

We should limit reference popups to the exact same scope.

This fixes the issue described in T215195. Before, the content of the
popup was covered by the selector. Reference links *inside* the popup
would trigger another popup, which makes the current popup disappear.
Now the popup itself is not covered by these event handlers any more.

Bug: T215195
Change-Id: I142aee68abbd57ca321873855fef9209e0db0bbf
2019-02-12 13:47:27 +01:00
jenkins-bot 8f91d522dc Merge "Hygiene: improve jQuery JSDoc type checking" 2019-02-12 09:17:48 +00:00
Nicholas Ray 53001bee4c Move browserslist targets to new file and change targets
Make targets consistent with Mobile Frontend's .babelrc
and put them into a .browserslistrc file.

This did not change the build files.

Change-Id: Ic4fe13c9e4423d4bb5e6da5fce9039d04a9a215f
2019-02-11 17:37:03 -07:00
jenkins-bot 5752b3feb1 Merge "Move possibly expensive title parser construction down" 2019-02-11 22:28:19 +00:00
Stephen Niedzielski e2cce6883a Hygiene: improve jQuery JSDoc type checking
Add jQuery types. The JSDocs use TypeScript-compatible typing but tools
such as Visual Studio Code and WebStorm requires the definitions be
supplied. Popups will require these definitions to enable any future
automated type checking too.

Change-Id: I27b5cb052c5ad353322181b0f0ffa4fa56ac1d9f
2019-02-11 15:02:10 -07:00
Translation updater bot a981c2f48b Localisation updates from https://translatewiki.net.
Change-Id: I4700964bcae76b3d940cf158ec5f391e140fb8c2
2019-02-11 22:28:16 +01:00
Thiemo Kreuz 0686f40069 Move possibly expensive title parser construction down
There are a few cheap checks done before this regular expression is
even needed, most notably the check for a pretty URL (without query
parameters). Since the vast majority of links processed by this parser
are pretty, I believe this optimization is worth it.

Change-Id: I730b87dc010161e8bc3f311c517293c0ad553326
2019-02-11 19:07:02 +01:00
Derick Alangi 523f207ccd Use $config instead of $conf for consistency purposes
So $config is used instead of $conf for consistency and this
is how it's used across many many Wikimedia repos (exts) and
even in core.

Change-Id: Ia8e7335bf6892628e0a8b5d901776d726a8ad743
2019-02-11 13:33:37 +01:00
Translation updater bot 1180a80ee5 Localisation updates from https://translatewiki.net.
Change-Id: Ic186745729c8c1b5e5208eb0ed0cd2f53e05ccc9
2019-02-10 22:18:51 +01:00
Thiemo Kreuz d45c6cd273 Move thumbnail rendering code into pagePreview renderer
This is now possible since the render functions return jQuery objects.
All this code is exclusively used in the pagePreview.js file, and
doesn't need to make the already very big renderer.js file even
bigger.

Note the tests for all renderers have always been collected in a
single file. That's why the test case does not move.

Change-Id: I0c24638751c5f0e93d2bc0f3f4bb61fa0cf50d15
2019-02-08 11:30:00 -07:00
Thiemo Kreuz 7383a4e1ef Make renderSettingsDialog() return a jQuery object
For consistency with the other render…() methods that now all behave
the same.

Change-Id: I0fe581e6d1daeafc969ec4bfbcf18b363f702475
2019-02-08 16:08:05 +01:00
WMDE-Fisch afa9009daf Test for element id passing
This just adds a simple test if passing the id of the clicked
reference source footnote works.

Bug: T213905
Change-Id: Ifc6549aa0203f19a5b24fa854b0aaf0cfb25674d
2019-02-08 11:12:32 +00:00
jenkins-bot 84fcf752dc Merge "Localisation updates from https://translatewiki.net." 2019-02-07 21:31:02 +00:00
Translation updater bot a4f38c7476 Localisation updates from https://translatewiki.net.
Change-Id: Ie32341d1fb83fc55d67298b4b2fd6bdbf7478c80
2019-02-07 22:28:49 +01:00
WMDE-Fisch 12a8aa3a86 Trigger click on source footnote link
To make sure that we enable the link highlighting in the Cite extension we want
to trigger the click handler on the original footnote link. This is done by
passing the id of the source element to the model and the renderer.

Bug: T213905
Change-Id: I0bd59ac326269f3c0850946851fb79b611dc2a57
2019-02-07 14:15:45 -07:00
WMDE-Fisch 0b64e803f2 Move gateway typedefs to gateway index
When we started reorganising the code around the gateway selection
we forgot moving the docs and typedefs from the (now) more specific
page.js file to the (now new) index.js. - This patch fixes that.

See also I5efa9fb8f63f1487c627eb9a3f1fe47f43c611cc

Change-Id: I7b3582882247e22497d3a37b896a8a7c9950cf0d
2019-02-07 16:29:04 +01:00
libraryupgrader 182bfafec3 build: Updating mediawiki/mediawiki-codesniffer to 24.0.0
Change-Id: I2ba5692241f1e9983304f8c9e3a9f960429a4616
2019-02-07 03:16:07 +00:00
Translation updater bot ce2165fb96 Localisation updates from https://translatewiki.net.
Change-Id: I8dc50709f133592bb80bba29189cdbf395961d76
2019-02-04 22:15:43 +01:00
jenkins-bot e2770af712 Merge "Mark reference preview content area as "mw-parser-output"" 2019-02-04 19:44:43 +00:00
jenkins-bot 20088006d9 Merge "Make all render functions return jQuery objects instead of strings" 2019-02-04 19:44:41 +00:00
Thiemo Kreuz fb56a2e729 Mark reference preview content area as "mw-parser-output"
This CSS class is used by the regular wikitext content area, and used
by certain CSS selectors (e.g. the external web link arrow).

The DOM structure for each popup is (intentionally) created outside
of this scope, at the end of the current page's body. This works
great for page previews because the do *not* want to share any styles
with the rest of the page. But reference previews want to do this.

In this patch I also remove the inner <span>. It was misplaced (note
the name) and resulted in block elements nested in an inline element.

Bug: T214463
Change-Id: I740e37a2ed929edf971b348fbf20e5fb12012d37
2019-02-04 12:37:11 -07:00
jenkins-bot 86cf91728a Merge "QA: Test page in Selenium needs a lead section" 2019-02-04 13:48:25 +00:00
jenkins-bot a8c1305e73 Merge "Streamline jQuery object creation" 2019-02-04 13:35:40 +00:00
Thiemo Kreuz 90d7edb17c Streamline jQuery object creation
As discussed, the $( '<a>', { id: 'foo' } ) syntax is bogus because
plugins are able to *change* it. It's not just a list of attributes,
but whenever there is a method with the same name, that method will be
called instead. This means the result of this feature is unpredictable.

This patch also streamlines a few other jQuery calls that can be
shortened.

Bug: T214970
Change-Id: Ib58b8673c7ce41139f926c845c1b3adfbfde1b26
2019-02-04 14:19:55 +01:00
WMDE-Fisch 5f602c985c Fixed typo
Change-Id: I9c61f3dcf059884ec7ea16f601009d72b26e0cda
2019-02-04 12:37:16 +00:00
Translation updater bot 3fd69671af Localisation updates from https://translatewiki.net.
Change-Id: I6f18f02c1b7e503e210a01ee57d375e2d4616af0
2019-02-03 22:38:43 +01:00
jdlrobson 364abd75b5 QA: Test page in Selenium needs a lead section
A lead section is essential for a summary in the /restbase/
content service. On commits we test the mediawiki endpoint but
against beta cluster we test the restbase endpoint.

I overlooked this in If855c7c0a2ad65d96d03d6a1411b453ecbe8752b

Bug: T214974
Change-Id: I9959d7ae463c4e1d4fa5345fdb59fe1b2152d49e
2019-02-01 23:03:36 -08:00
jenkins-bot 85d00ea85f Merge "Adapt Popups browser tests to recent breaking change" 2019-02-02 01:04:43 +00:00
jdlrobson a8b9dc6c07 Adapt Popups browser tests to recent breaking change
The previous Popups test page pointed to the "Main page" which as
of Ie15487184a7f9fc08603fc42cfad3aeac6642dcc has specially handling

This makes a new test page "Popups test page 2" that is linked to from
"Popups test page" which previously linked to the Main page which
now leads to the display of a broken Popup

This gets our test fixed but the problem with main page previews
will remain (T215080)

Bug: T214974
Change-Id: If855c7c0a2ad65d96d03d6a1411b453ecbe8752b
2019-02-01 15:56:18 -08:00
Thiemo Kreuz c35715bdec Make all render functions return jQuery objects instead of strings
This gets rid of a little bit of code duplication, and makes the
interfaces all conform to one standard again after I05ed4b8 left them
in a little inconsistent (but properly documented) state.

Bug: T214970
Change-Id: If8407c1a48aff1cb31fc2e74b3c2b846e79a3cb5
2019-02-01 12:49:53 +01:00
Thiemo Kreuz 67ceeaeeed Inline code setting target="_blank" in renderReferencePreview()
As discussed in Iaadcce9. This does have a few benefits:
* Less code in the already pretty big render.js file.
* The code setting the target attribute is much closer to where it
  belongs: in the file that specifies how the content of a reference
  popup should look and behave.
* The class name "mwe-popups-extract" is not mentioned in two different
  files, but in the same.

Note this changes the signature of this src/ui/templates/… file to not
return an HTML string any more, but a jQuery object. The other templates
still return strings. I believe this is fine, and not that much of a
difference anyway. The signatures don't need to be identical. And the
jQuery object still represents the exact same HTML as before.

If it helps we could change all templates/… signatures accordingly.
Could be done in this or a separate patch.

Bug: T213908
Bug: T214970
Change-Id: I05ed4b886f79c5ae748f53ab9fed965dfd217620
2019-02-01 12:46:29 +01:00
jenkins-bot 870ddbb4a7 Merge "Simplify mediaWiki.msg mock in renderer test" 2019-02-01 11:34:39 +00:00
Thiemo Kreuz 03ef969122 Show reference previews only on self-links
This solves the (I believe) only regression we introduced: A bad fake
reference like <span class="reference">[[Other article#Section]]</span>
showed a page preview for the "Other article" before we introduced
reference previews, but would have shown nothing after I9ec57e0.

Checking if the link is a self-link solves this and possibly more related
issues. Only self-links can point to a footnote on the same page.

Manually created fake-references like
<span class="reference">[[#Section]]</span> still have a chance to show
nothing in case the manually created HTML does not strictly follow the
expectations in the gateway. There is not much we can do about this. We
should not accept any arbitrary HTML but need to make at least *some*
assumptions.

Bug: T214970
Change-Id: I86e91bf45c3ae4c6a4086f7f1c7b1280fd400d17
2019-02-01 12:14:06 +01:00
Thiemo Kreuz f1fd3eafc4 Mark optional elements in the PreviewModel specification as such
We updated this documentation just recently via Ie370cfe. We followed
what the createModel() function does. But this is not the only way a
PreviewModel object can be created. Reference previews, for example,
don't use it.

Instead of following createModel(), I checked what the different popup
types actually use.

Bug: T214970
Change-Id: I2c4293a48387836dc30e18d10d952b4a26e6f2b5
2019-02-01 11:50:43 +01:00
Thiemo Kreuz 7db6508a77 Remove unused model elements from renderer tests
I do find these very confusing and would like to remove them:

* The test setup looks like these popup types are going to use
  these properties. But they don't. They are not even trying to
  access these properties.
* There are no assertions that make sure these properties are
  *not* used. It would be possible to add something like this,
  but I honestly think this is not worth it.

We might need to reflect this in the PreviewModel documentation
in src/preview/model.js. I would like to do this in a separate
patch.

Bug: T214970
Change-Id: I136112bfea7f732d2673bcb8c69aba9defe6ba85
2019-02-01 10:41:58 +00:00
WMDE-Fisch 0c0226c4ee Add and fix gateway/page module
Change-Id: Icd8e9e3a6f643ebba0c2bb9b4fcb84e1260d41ca
2019-02-01 11:14:00 +01:00
jenkins-bot 9ba5129777 Merge "Tests for the code deciding on the general gateway type" 2019-02-01 09:55:32 +00:00
jenkins-bot c9cbfb61b1 Merge "Factor out gateway selection" 2019-02-01 09:50:53 +00:00
WMDE-Fisch 9e641dfc86 Tests for the code deciding on the general gateway type
This tests the newly introduced code that decides if page or reference
previews should be used in the handling of a dwel event.

Bug: T214971
Change-Id: Ib20d00b7b9ee9b1ed82763137ec62e468e8f05f9
2019-02-01 10:35:27 +01:00
WMDE-Fisch dbb7e0fbdc Factor out gateway selection
This is mainly done to increase testabilty of this part. I am a bit
unsure if this should ( have been ) integrated in the former index.js
that's now the page.js. - See also the refactoring done before.

Bug: T214971
Change-Id: I90d0441510bc1ec0b4900a392afcbaff6a552377
2019-02-01 10:14:00 +01:00
Thiemo Kreuz 13015ad317 Fix a series of minor documentation issues in PHP code
E.g. type hints that have been missing, missing indention, and such.

Change-Id: I34610a03ad69d7988e9976a08a289c64121420ca
2019-02-01 09:42:14 +01:00
Translation updater bot 67f8129d17 Localisation updates from https://translatewiki.net.
Change-Id: I5b1994da1ca78fcd353327f19d9cd2a3b279e98d
2019-01-31 22:26:17 +01:00
WMDE-Fisch 31ee16938c Rename page gateway file
This is as preparation to introduce a gateway switch that decides if the
page or reference gatway should be selected. Moving that code to it's own
realm makes that path better testable.

Bug: T214971
Change-Id: I5efa9fb8f63f1487c627eb9a3f1fe47f43c611cc
2019-01-31 12:09:12 +01:00
Ed Sanders e1c4e94b23 build: Update eslint-config-wikimedia to 0.10.0
Also enable jquery ruleset.

Change-Id: Ie1f43d0335ea2aad1e2dd5d86b775316105c3d90
2019-01-31 11:05:33 +01:00
jenkins-bot ca8353cfbe Merge "Fix a series of issues with misdetected reference elements" 2019-01-31 09:36:00 +00:00
jenkins-bot 83ccfd34e9 Merge "Fix inconsistent font size in reference popups" 2019-01-31 09:30:58 +00:00
Thiemo Kreuz 515775685c Fix a series of issues with misdetected reference elements
This installs a series of safety nets:

* The selector [href*="#"] skips links without a fragment.

* It's still possible that a fragment exists, but is empty.
mwTitle.getFragment() checks this.

* The gateway does not assume the element exists, but checks this first.
If there is no such element, the gateway aborts the request in a way
that no error popup is shown. This is currently only possible with the
`{ textStatus: 'abort', xhr: { readyState: 0 } }` response as seen in
this patch. We might need to introduce a new, more clean way to silently
quit a fetchPreviewForTitle() call.

* The test for the reference gateway finally covers the scraping code.

Bug: T214970
Bug: T214971
Change-Id: I9ec57e0fbb0d21beaaa7b359c1c2bef64d2c14f5
2019-01-31 10:29:46 +01:00
Translation updater bot f3c4978b2b Localisation updates from https://translatewiki.net.
Change-Id: I5f1a7542627d1ce9828bc8f28df069b529efa1f9
2019-01-30 22:14:26 +01:00
Thiemo Kreuz 093ebf4725 Fix inconsistent font size in reference popups
See T213905#4908901.

Bug: T213905
Change-Id: Id52575f336498bc7f4f313ad838925b0eccdc7f4
2019-01-30 20:15:54 +01:00
Thiemo Kreuz a8859658f5 Add missing HTML escaping to all existing page preview types
Including tests for all situations.

I believe it is impossible or extremely hard to actually abuse any of
these places. All these data are not extracted from the current page, but
delivered either by MediaWiki's api.php or a RESTful endpoint, as
configured via $wgPopupsGateway and $wgPopupsRestGatewayEndpoint. A
possible attacker would need to write it's own endpoint (which must either
run on the same server or somehow ignore the CSRF token), and set the
value of mw.config.values.wgPopupsRestGatewayEndpoint on the client to
this endpoint – which requires just *another* attack vector to be able to
do this.

It's "the right thing"(tm) to escape all this anyway.

I found two possibly relevant security reviews of this extension, T88171
and T129177, resolved in 2015 and 2016.

Bug: T88171
Bug: T129177
Bug: T214754
Bug: T214971
Change-Id: I1d118c9ccaea434a253a772d18139b9b077118ab
2019-01-30 18:29:14 +01:00