Commit graph

14 commits

Author SHA1 Message Date
Reedy 3b337af58d Namespace extension
Change-Id: I7f64539f1c9c4c03088e28e99f77a9acc503f627
2022-02-06 15:05:09 +00:00
Roman Stolar cacfbe6a4f Override ContentHandler::validateSave instead of Content::prepareSave.
Prepare override for TemplateStylesContentHandler, remove usage in TemplateStylesContent.

Bug: T287159
Depends-On: I7f23e6e97b1c7d27a6aaefdb88b19b2fc6e8b3a8
Change-Id: I4d89a5871c8be9101b356dafe68fcbc0cf69f6ee
2021-11-04 13:51:27 +02:00
libraryupgrader fc53ceddcb build: Updating mediawiki/mediawiki-codesniffer to 37.0.0
Change-Id: I49c9642f0fd7782ee739c4a6943a1567f4da8c4d
2021-07-24 02:37:32 +00:00
libraryupgrader b2ee2313c3 build: Updating composer dependencies
* mediawiki/mediawiki-codesniffer: 35.0.0 → 36.0.0
* php-parallel-lint/php-parallel-lint: 1.2.0 → 1.3.0

Change-Id: I0105b425acd5e65b15c789015cdc9144a2d4f8f1
2021-05-04 09:54:28 +00:00
Umherirrender af68773fd1 build: Swap deprecated @codingStandardsIgnore to phpcs:ignore
Bug: T278594
Change-Id: I356955fd31ffa77f8527212a23ddb829941b9505
2021-03-27 00:59:00 +01:00
James D. Forrester de4ea4d91a build: Upgrade mediawiki-codesniffer to v28.0.0
Change-Id: I703c20b1a3f5687a8488a30a57b1d14d79336be0
2019-10-15 15:59:23 -07:00
Max Semenik c874b0c4bc @expectedException is deprecated
Bug: T234597
Change-Id: Ieeb352cb37822b9eabc5179d7a30fb137070639b
2019-10-11 19:39:58 -07:00
Brad Jorsch f7bf5a4e23 Add "wrapper" attribute to <templatestyles/>
The wrapper attribute may contain an extra CSS simple selector to
include when prefixing. For example, including a template as
<templatestyles src="..." wrapper="div.my-template"/> would transform

 .foo .bar { color:red; }

into

 .mw-parser-output div.my-template .foo .bar{color:red}

This can allow particular templates to opt in to the "styles are scoped
to the template itself" model that was desired by some when
TemplateStyles was being designed; the driving use case in the linked
task is doing so for the benefit of side-by-side comparisons of the
current and sandboxed versions of a template.

Bug: T200441
Change-Id: If49d4c5be31feca95abd21452238fd10ab1916b1
2018-10-17 14:17:59 -04:00
Kunal Mehta da954dd045 Don't use stashMwGlobals()
Being deprecated in I23d77398e4.

Change-Id: I9315111c86599472887c616658ac25ba7979d340
2018-10-07 22:02:48 -07:00
Brad Jorsch f99d171c80 Fix coverage
* Fix test for TemplateStylesFontFaceAtRuleSanitizer so it's actually run
* Hack up a broken Sanitizer to test a code path in
  TemplateStylesContent::sanitize() that handles such things.
* Ignore an InvalidArgumentException in TemplateStylesContent::processError()
  that's not worth checking. User input can't hit that, only logic bugs.
* Ignore TemplateStylesHooks::getConfig(), it's tested but gets called
  before PHPUnit starts counting.
* Test TemplateStylesHooksTest::onCodeEditorGetPageLanguage()
* Test $wgTemplateStylesDisable
* Test a back-compat code path in TemplateStylesHooks::handleTag().

Change-Id: I7078e5a353a624aa53fe72de7990b93a77b44cf6
2018-02-05 22:36:58 -05:00
Kunal Mehta 5ba45a396b Add @covers tags
Change-Id: Ie87849bc9dcc0b26363c9475930c967841e6a7f7
2018-02-05 18:19:30 -08:00
Brad Jorsch 5fd77aa0d7 Update css-sanitizer to v1.0.2
Also fold a unit test into the normal function since we don't have to
have two valid responses based on css-sanitizer version.

Change-Id: I107c8b911781924ce9cc0730257243b9cb1592a6
2017-06-13 17:09:48 -04:00
Brad Jorsch b04bd96f58 SECURITY: Reject stylesheets containing "</style"
Premature closing of the style block === HTML injection vector.

Bug: T167812
Change-Id: I34c5f200c689a56d340bce70ffebbf58d27b499e
2017-06-13 11:52:07 -04:00
Brad Jorsch b301a30abf Use wikimedia/css-sanitizer, and rewrite the hooking
wikimedia/css-sanitizer provides a real CSS parser, which should be
safer than poking at things with regular expressions.

Instead of the strange hybrid model that tried to both process inline
CSS and save CSS when the template is saved, it now looks for
<templatestyles src="Title" /> during the parse to do all the
transclusion of styles.

The output method is "<style> tags in the body", pending someone
implementing T160563.

It now also registers a "sanitized-css" content model, which should pick
up the CSS syntax highlighting and will validate the submitted CSS on
submit and prevent a save if it's not valid.

This patch also takes advantage of LGPL-2.x § 3 to relicense the
extension as GPL-2.0+, although at this point none of the LGPL code
remains anyway.

Bug: T133408
Bug: T136054
Bug: T135788
Bug: T135789
Change-Id: I993e6f18d32a43aac8398743133d227b05133bbd
Depends-On: If4eb5bf71f94fa366ec4eddb6964e8f4df6b824a
2017-06-07 15:14:09 +00:00