Commit graph

1692 commits

Author SHA1 Message Date
libraryupgrader be13e39358 build: Updating mediawiki/phan-taint-check-plugin to 1.3.0
And updating CoC link to use Special:MyLanguage (T202047).

Change-Id: I9ff0c587dc1807a9ee5424b11d09d74f5ef5fe00
2018-08-19 15:37:11 +00:00
Stephen Niedzielski 76195013be Doc: fix typo
Change-Id: I14fc469a735d8838f093fbd0b23e8f5235b4dfc9
2018-08-14 12:42:56 -05:00
Translation updater bot 9840679042 Localisation updates from https://translatewiki.net.
Change-Id: I242877cf49a66d3a96849a8ce4d96a62895d93b7
2018-08-13 22:14:49 +02:00
Translation updater bot 25eed1125e Localisation updates from https://translatewiki.net.
Change-Id: I19a154672c95492b016ce641dede646021f7b8d3
2018-08-10 22:18:54 +02:00
Nicholas Ray 6a25f70ad5 Use window.devicePixelRatio instead of deprecated jQuery.hidpi
jQuery.hidpi was deprecated by T127328
(https://gerrit.wikimedia.org/r/441614). This repo used the
"bracketedDevicePixelRatio" function from that plugin. Since browser
compatibility is good now for window.devicePixelRatio, this commit adds
a function which relies on that instead.

Bug: T198579
Change-Id: I56c234048d7741f12f35bfff5f7319c6e085c29f
2018-08-10 10:00:28 -06:00
jdlrobson a714eda573 Revert "Whole popup area should be clickable"
This change made it impossible to open links in new tabs.
Reverting so we can try again.

This reverts commit ff5bfd1d04.

Bug: T200940
Change-Id: I10a387df8bdeb891f8d8be0eb9075f0d324646b6
2018-08-08 21:26:07 +00:00
Volker E ed529488f8 Manually optimize & reduce SVG markup
Reduce and optimize SVG markup by
- removing unnecessary `id` attributes,
- lowercasing hex colors following code standard
- merging repeating `fill` attributes in `<g>` elements and
- following `<svg>` root element attribute sequence as anywhere else

Change-Id: I71df1df5fee0c363df41a996b5ec32d587b76f56
2018-08-08 17:09:15 +02:00
Stephen Niedzielski f96762880b Fix: viewBox in cog.svg and sad-face.svg
svgmin was removing this attribute from cog when the capitalization was
incorrect and sad-face never had it.

Bug: T185596
Change-Id: I980694f4a611ea8fd13d6c1419dbed6d49f4d94e
2018-08-08 09:19:55 -05:00
jenkins-bot 3d426ba630 Merge "build: Bring SVGO optimization to build step" 2018-08-08 11:03:01 +00:00
Umherirrender c65c1d9f95 Declare class fields in PopupsContext
Change-Id: If5754d49d4abdcd946e7958e22eede7d33008851
2018-08-07 09:48:23 +02:00
Translation updater bot c25209421d Localisation updates from https://translatewiki.net.
Change-Id: Ibb9eb6228a4965cfde9d9c020502d047da069e31
2018-08-06 22:22:26 +02:00
Kunal Mehta 0ae3a127d5 Configure phan-taint-check-plugin
The plugin checks and flags potential security issues (XSS, SQLi, etc.)
using static analysis.

See <https://www.mediawiki.org/wiki/Phan-taint-check-plugin> for more
details.

Bug: T201219
Change-Id: I307dc7848562ba7db9b0aca4085b135a314cd66f
2018-08-03 21:30:01 -07:00
Translation updater bot 2d56971b89 Localisation updates from https://translatewiki.net.
Change-Id: I3f5eb07a66353a889b4698ec374c60b35a07c9d8
2018-08-01 22:10:41 +02:00
Volker E f47e333ff1 build: Bring SVGO optimization to build step
Enabling SVGO automation with 'grunt-svgmin' and conservative
plugin settings to build step, among those:
- enable removeRasterImages and sortAttrs,
- disable cleanupIDs, removeDesc, removeTitle, & removeViewBox as
  described in
  https://www.mediawiki.org/wiki/Manual:Coding_conventions/SVG#Exemplified_safe_configuration
- disable removeXMLProcInst; if the SVG doesn't start with an XML
  declaration, then it's MIME type will be detected as "text/plain"
  rather than "image/svg+xml" by libmagic and, consequently, MediaWiki's
  CSSMin CSS minifier. libmagic's default database currently requires
  that SVGs contain an XML declaration:
  <https://github.com/threatstack/libmagic/blob/master/magic/Magdir/sgml#L5>.
- make use of pretty and multipass options.

Settings are stored in a JSON file to be independent of the Grunt build
process. Also updating SVG accordingly.

Bug: T185596
Change-Id: I715ad4cf2e900665e4c32c78b4c2d9d9cebf0222
2018-08-01 10:51:43 -05:00
libraryupgrader c42b25585b build: Updating mediawiki/mediawiki-codesniffer to 21.0.0
Change-Id: Ibd1a92e09449b26d73053a0ef1f266c03729c2c0
2018-07-27 13:42:06 +00:00
Stephen Niedzielski 8ba5c0f773 Hygiene: make JSDoc configs consistent
Make the Popups, MobileFrontend, and MinervaNeue JSDocs consistent. For
Popups, specify package.json, readme, and default template options and
moved doc/ to docs/ and autogenerated JavaScript documentation from
doc/autogenerated to docs/js.

http://usejsdoc.org/about-configuring-jsdoc.html
http://usejsdoc.org/about-commandline.html
http://usejsdoc.org/about-configuring-default-template.html

Bug: T188261
Change-Id: I81e64f06265f1ecc4e2ee159deef9b204ea7e957
2018-07-23 14:45:14 -05:00
Translation updater bot 9b15c940c0 Localisation updates from https://translatewiki.net.
Change-Id: I3481832413cae702316a46dfffdd2d08219f32e2
2018-07-21 22:12:00 +02:00
Translation updater bot 0c36b81cbe Localisation updates from https://translatewiki.net.
Change-Id: Id4e63ed681541852f7216220aa55542cc4debc80
2018-07-19 22:30:54 +02:00
Antoine Musso 1cff4a15a7 QA: Selenium no more needs wgUsejQueryThree
$wgUsejQueryThree was a transient setting that has been removed with
MediaWiki 1.31.  It is thus no more needed in the Selenium
LocalSettings.php file.

Bug: T199939
Change-Id: I74565cc81ff3704d2d91c8768b0e8f8ee7a4dcc3
2018-07-19 15:57:47 +02:00
Translation updater bot 9e85e9b00e Localisation updates from https://translatewiki.net.
Change-Id: I38db0ab24751a0c6e2d54ec32f3e4bd001119de6
2018-07-18 22:12:40 +02:00
jdlrobson 69efbfc377 Enforce eslinting for jsdoc
Let's improve our documentation by linting it and ensuring it
is complete and matches guidelines

This fixes offenders

Change-Id: I7c829b375705e763085cf731e9a77cc14339af67
2018-07-17 08:21:01 -05:00
Stephen Niedzielski ab7a5808ef Hygiene: update JSDoc boxed and JQuery types
Although Popups only uses JSDocs at this time which seemingly doesn't
care about casing[1], we should endeavor to use the proper return types.

This patch lowercases typing to indicate primitive / boxed type as
appropriate.[2] As a special case, function types are uppercased for
compatibility with TypeScript type checking.

Lastly, JQuery types are of type "JQuery". The global JQuery object's
identifier is "jQuery". This patch uppercases J's where appropriate.

[0] https://github.com/jsdoc3/jsdoc/issues/1046#issuecomment-126477791

[1] find src tests -iname \*.js|
    xargs -rd\\n sed -ri '
      s%\{\s*([?!])?(number|string|boolean|null|undefined)%{\1\L\2%gi;
      s%\{\s*([?!])?(function|object)%{\1\u\2%gi;
      s%\{\s*([?!])?jquery%{\1JQuery%gi
    '

Change-Id: I771bdbb69dc978796a331998c0657622ac39c449
2018-07-17 08:20:08 -05:00
Translation updater bot 84d6be1a85 Localisation updates from https://translatewiki.net.
Change-Id: I7776cfa95cefbb57a3cfa4fc687ec7b9e9822c8d
2018-07-16 22:20:18 +02:00
jenkins-bot 6c802dfded Merge "Fix: mw-node-qunit package reference" 2018-07-13 17:46:14 +00:00
Piotr Miazga 4684b39841 Hygiene: use actionsTest consts instead of hardcoded states
The unit tests should use defined action types instead of hardcoding
each state.

Change-Id: I6769ba057e93239e1c720c3bfa050c618ea63978
2018-07-13 17:12:49 +02:00
Piotr Miazga c823a0e6cb When request gets aborted it shouldn't finish with FETCH_FAILED
Whe user moves mouse away and we abort the http request we shouldn't
count that request as a FETCH_FAILED. The reasoning behind is that
FETCH_FAILED state increments the counter.PagePreviewsApiFailure.
Our StatsD graph gets polluted with lots of aborted requests and it
becomes unsuable. It doesn't show only the failed requests.

Changes:
 - introduced new state: FETCH_ABORTED
 - switch to FETCH_ABORTED when browser aborts the request

Bug: T199482
Change-Id: I58047eb80f0700b78b2991daff9395ecc92553b8
2018-07-13 16:52:53 +02:00
Stephen Niedzielski 89df27595b Fix: mw-node-qunit package reference
Update the mw-node-qunit require to @wikimedia/mw-node-qunit. 2d150f0
missed this and it caused tests in CI to silently succeed.

Bug: T197251
Change-Id: I9de597b0e9afc747c47bddc6debcbe5b87bcd793
2018-07-13 07:47:30 -05:00
jdlrobson 10e6e25091 Upgrade eslint-config-wikimedia
* Force arrow-parens
* Disable no-prototype-builtins for time being
* Drop unnecessary maxlen rule

Change-Id: Iceb0fe47354a5753202d2c6ad9e1a9c76791f744
2018-07-13 07:42:12 -05:00
jenkins-bot 147f5a4fa1 Merge "Properly handle catch() when calling gateway fetch." 2018-07-12 22:47:07 +00:00
Piotr Miazga 2527f931a2 Properly handle catch() when calling gateway fetch.
Previous implementation did not pass the `result` variable
to the catch() statement. Because of that every execution that
ended with exception inside fetch() statement was threated as
not a network exception and tried to present the null preview.

Changes:
 - properly handle data returned by rejected fetch promise
 - chaged the big if (result && result....) into something easier
 to read
 - pass Error object instead of 'http' string
 - Restbase can return exception, it doesn't have to handle the 404
 errors by itself, it's already taken care in the catch() logic
 - fixed unit tests to reflect new logic in restbase gateway

Bug: T199482
Change-Id: Ibb30fc58248623d9ad4c5388a5b2ff9b387e01de
2018-07-13 00:02:59 +02:00
jenkins-bot 1ca683fb3f Merge "Tweak page previews margin for consistency" 2018-07-12 19:45:51 +00:00
Translation updater bot 206388eb26 Localisation updates from https://translatewiki.net.
Change-Id: Iceed7282e4028091cdb00381ed1e2e056b562d40
2018-07-11 22:39:48 +02:00
jdlrobson bce82dab1f Tweak page previews margin for consistency
Bug: T198663
Change-Id: Ice5c24015371d6f2f67076698314537944bf8705
2018-07-11 11:45:59 -07:00
Stephen Niedzielski a0dc96cac9 Hygiene: consistently refer to globals directly
Instead of mixing window.mediaWiki / mediaWiki and window.jQuery /
jQuery references, always refer to globals which exist whether code is
executed in browser or headless Node.js environments.

  find src tests -iname \*.js|
  xargs -rd\\n sed -ri 's%window.(mediaWiki|jQuery)%\1%gi'

Change-Id: I21d0a602dcbd2bc6774934bee6c487e443270fe0
2018-07-09 08:46:40 -05:00
jenkins-bot f0a19b6f18 Merge "Hygiene: forbid unused lint directives" 2018-07-06 22:22:56 +00:00
Translation updater bot 1dd9c4a16b Localisation updates from https://translatewiki.net.
Change-Id: If58e9f0fd6ec418ea75edc3e14d6ec6ef93ce23f
2018-07-05 22:44:04 +02:00
Piotr Miazga c1d281f0dc Send the Accept-Language header when calling API
Changes:
 - added acceptLanguage as a config option passed to
 both mwApi and restbaseApi, by default code will use
 the language defined in `wgContentLanguage` config
 variable. The `wgContentLanguage` is always defined
 (see ResourceLoaderStartUpModule::getConfigSettings())
 so there is no need for checking the variable existence.

The new logic was tested both on MediaWiki API and Restbase API

Bug: T198619
Change-Id: I1cb31f1999fd674a8b870b2b5effb92ed3dfaa1f
2018-07-05 11:31:55 -07:00
Stephen Niedzielski ce8a2d4c3f Update: cancel unused HTTP requests in flight
Whenever an HTTP request sequence is started, i.e. wait for the fetch
start time, issue a network request, and return the result, abort the
process if the results are known to no longer be needed. This occurs
when a user has dwelt upon one link and then abandoned it either during
the fetch start wait time or during the fetch network request itself.

This change is accomplished by preserving the pending promises in two
actions, LINK_DWELL and FETCH_START, and whenever the ABANDON_START
action is issued, it now aborts any previously pending XHR-like promise,
called a "AbortPromise" which is just a thenable with an abort() method.
There is a similar concept in Core:
ecc812f06e/resources/src/mediawiki.api/index.js.

Aborting pending requests has big implications for client and server
logging as requests are quickly canceled, especially on slower
connections. These differences can be observed on the network tab of
DevTools and the log in Redux DevTools.

Consider, for instance, the scenario of dwelling upon and quickly
abandoning a single link prior to this patch:

  BOOT EVENT_LOGGED LINK_DWELL FETCH_START ABANDON_START FETCH_END STATSV_LOGGED ABANDON_END EVENT_LOGGED FETCH_COMPLETE

And after this patch when the fetch timer is canceled (prior to an
actual network request):

  BOOT EVENT_LOGGED LINK_DWELL ABANDON_START ABANDON_END EVENT_LOGGED

In the above sequence, FETCH_* and STATSV_LOGGED actions never occur.

And after this patch when the network request itself is canceled:

  BOOT EVENT_LOGGED LINK_DWELL FETCH_START ABANDON_START FETCH_FAILED STATSV_LOGGED FETCH_COMPLETE ABANDON_END EVENT_LOGGED

FETCH_FAILED occurs intentionally, STATSV_LOGGED and FETCH_COMPLETE
still happen even though the fetch didn't complete successfully, and
FETCH_END doesn't.

Additionally, since less data is transmitted, it's possible that the
timing and success rate of logging will improve on low bandwidth
connections.

Also, this patch tries to revise the JSDocs where possible to support
type checking and fix a call to the missing assert.fail() function in
changeListener.test.js.

Bug: T197700
Change-Id: I9a73b3086fc8fb0edd897a347b5497d5362e20ef
2018-07-04 13:48:14 -05:00
Stephen Niedzielski 2a854f7649 Hygiene: forbid unused lint directives
Prevent outdated ESLint error waivers from littering the code by
enabling `--report-unused-disable-directives`.

Change-Id: I3b9c39131f030cf2c4113ecd947c3f4a8679bdfe
2018-07-02 14:59:40 -05:00
Stephen Niedzielski 89e592183f Hygiene: enable Redux DevTools for debug builds
Redux DevTools are available in all builds by passing the `?debug=true`
query string. Since globally enabling debug significantly slows load
times, also enable support when the build is non-production (debug)
which is known at transpile time. This enables a debuggable version of
Popups in an otherwise production-like MediaWiki without changing the
Popups release build product.

Also, update the readme with a couple debug tips and flip a few bullets
from hyphens to asterisks since that seems to be more prevalent.

Change-Id: I4cab0b8069b12505dbfa840939caac196bae2750
2018-07-02 14:54:36 -05:00
Stephen Niedzielski 2d150f0aad Hygiene: update mw-node-qunit dependency package
mw-node-qunit has moved to a new NPM package, @wikimedia/mw-node-qunit.
There are no functional changes with this release but dependencies
should be kept up to date.

https://github.com/wikimedia/mw-node-qunit/blob/9a368a1/CHANGELOG.md#500

Bug: T197251
Change-Id: I25bfc541551cbc29812985df7fa05dc17f0338c5
2018-06-29 17:30:03 +00:00
jdlrobson 6c17af260c Extracts can expand with narrow thumbnails
If a thumbnail is narrow, then the extract can expand to take
the available space. It does this via JavaScript taking the difference
between the normal space for a thumbnail minus the actual space needed
to display the thumbnail.

This removes unused whitespace in both the thumbnail and extract.

Bug: T192928
Change-Id: I59e87f9160e707fbce321a567c0a68e85f6d72ec
2018-06-28 16:34:41 -07:00
Jan Drewniak 4e43f0cf9e Truncate source_url to max 1000 characters
Prevents the source_url param in virtual page-views from getting
too long and causing an error because it exceeds varnish's max-url size.

Bug: T196904

Change-Id: Idf3667c4c2ad7e0436f013c70d5ff4ebea453d7a
2018-06-28 14:30:42 -07:00
jdlrobson ff5bfd1d04 Whole popup area should be clickable
Make it so the entire popup area is clickable.
Update the click handler to reflect the actual parameter
it receives (an Event not an Element) and do not pass it
in the action, given it is unusedt

Bug: T192773
Change-Id: If80969f4759b1675278d11caaf5cb093ce72031c
2018-06-28 20:50:16 +00:00
jenkins-bot bc34ba6742 Merge "Add SVG border using polyline element" 2018-06-28 19:22:58 +00:00
jdlrobson 21c8e6213e Add SVG border using polyline element
Since we use an SVG mask, we cannot use border-left to visually
separate the page preview thumbnail from the text. We can however
make use of a polyline and programatically work out it's start and
end.

Bug: T192928
Change-Id: I0f983a80e3210b2f7e9aa197d2a632680675973e
2018-06-28 11:23:48 -07:00
Translation updater bot a7ab517dcb Localisation updates from https://translatewiki.net.
Change-Id: I3675841b43ab850d6830f5f96a48193c741bc50b
2018-06-27 22:20:00 +02:00
Stephen Niedzielski 823b6af879 Hygiene: replace tap-dot reporter
The tap-dot executable crashes on some test failure outputs.[0] This is
confusing since a test failure in itself often requires debugging. The
issue is present from v1.0.1 to the latest, v2.0.0.

Instead of downgrading, replace tap-dot with the popular
tap-mocha-reporter. This change comes with a bonus: console.log is no
longer filtered out. The benefit cannot be overstated.

[0]: https://github.com/scottcorgan/tap-dot/issues/9

Change-Id: I4ce2d2816885b7c5214f5c1863be595be0d8b1aa
2018-06-27 09:16:07 -05:00
Stephen Niedzielski bf6ee6f24e Doc: forbid JSDoc warnings & work around tag checker
The Popups' JSDocs currently generate without any warnings. Let's keep
it that way for as long as we can by enabling pedantic mode which causes
a failing exit status when warnings are emitted. This behavior can be
verified by adding adding `/** @ignore foo */`.

The JSDoc tag checker should leverage the default enabled dictionaries
but that doesn't seem to be happening[0]. For the time being, allow
unknown tags so that the full range is supported, including @template,
which are very useful for type checking. Minerva already allows unknown
tags.

Lastly, change spaces to tabs since that's what this codebase uses.

[0] https://github.com/jsdoc3/jsdoc/issues/1542

Change-Id: I0aef9f7a6ca4af28d104628cda7763ec70110413
2018-06-26 10:57:40 -05:00
Jan Drewniak 3b2480d6ce Ensure popup thumbnail images are a supported format
Prevents video files and other non-image files from being rendered as
popup thumbnails. Restricts thumbnail format to either jpg, png, or gif.

Bug: T193792
Change-Id: I7a9be5d1c8396c02ebf0893c960f65644acc9d99
2018-06-21 00:55:04 +02:00