Commit graph

296 commits

Author SHA1 Message Date
jenkins-bot fd29884a23 Merge "SECURITY: Reject stylesheets containing "</style"" 2017-06-13 21:09:40 +00:00
Translation updater bot 74b471c97f Localisation updates from https://translatewiki.net.
Change-Id: I8c956bb797fd10c1593dfa145f31fd352226d2ee
2017-06-13 22:48:29 +02:00
Brad Jorsch b04bd96f58 SECURITY: Reject stylesheets containing "</style"
Premature closing of the style block === HTML injection vector.

Bug: T167812
Change-Id: I34c5f200c689a56d340bce70ffebbf58d27b499e
2017-06-13 11:52:07 -04:00
Translation updater bot 31515af0c2 Localisation updates from https://translatewiki.net.
Change-Id: I60da77752dcffb26bade66305df5dc5cccaae8db
2017-06-12 22:49:41 +02:00
Translation updater bot 2c436aa977 Localisation updates from https://translatewiki.net.
Change-Id: Ia9a9f6e484982ee83550d11a72bad90b2fe7f88e
2017-06-11 22:44:54 +02:00
Translation updater bot 1cef13e3d7 Localisation updates from https://translatewiki.net.
Change-Id: I219a5a4c5fa9889fc02ae8c7c8b01d49da297d7a
2017-06-11 00:36:24 +02:00
Translation updater bot 190acf1fcf Localisation updates from https://translatewiki.net.
Change-Id: Ib0f38b8854aa343bb59c8d0999f5150252cfe756
2017-06-09 23:01:14 +02:00
Translation updater bot a48d893d00 Localisation updates from https://translatewiki.net.
Change-Id: I3a170e4c6b9f8013ac953fa4592589222e80dca8
2017-06-08 23:13:50 +02:00
Translation updater bot 949b5f9190 Localisation updates from https://translatewiki.net.
Change-Id: I373dafb21c9b5363840086c27052815903ae70fc
2017-06-07 22:53:59 +02:00
jenkins-bot 7b28582fcd Merge "Use wikimedia/css-sanitizer, and rewrite the hooking" 2017-06-07 15:37:04 +00:00
Brad Jorsch b301a30abf Use wikimedia/css-sanitizer, and rewrite the hooking
wikimedia/css-sanitizer provides a real CSS parser, which should be
safer than poking at things with regular expressions.

Instead of the strange hybrid model that tried to both process inline
CSS and save CSS when the template is saved, it now looks for
<templatestyles src="Title" /> during the parse to do all the
transclusion of styles.

The output method is "<style> tags in the body", pending someone
implementing T160563.

It now also registers a "sanitized-css" content model, which should pick
up the CSS syntax highlighting and will validate the submitted CSS on
submit and prevent a save if it's not valid.

This patch also takes advantage of LGPL-2.x § 3 to relicense the
extension as GPL-2.0+, although at this point none of the LGPL code
remains anyway.

Bug: T133408
Bug: T136054
Bug: T135788
Bug: T135789
Change-Id: I993e6f18d32a43aac8398743133d227b05133bbd
Depends-On: If4eb5bf71f94fa366ec4eddb6964e8f4df6b824a
2017-06-07 15:14:09 +00:00
Amir Sarabadani 64d4d1fbfa Add CODE_OF_CONDUCT.md
Bug: T165540
Change-Id: I74c42ecb002076c1198bff00ce241ada23c4df98
2017-06-07 16:16:47 +04:30
James D. Forrester 7ba77fd48f build: Replace jshint and jscs with eslint; bump other devDeps
grunt                  0.4.5  →  1.0.1
 grunt-banana-checker   0.5.0  →  0.6.0
 grunt-jsonlint         1.0.7  →  1.1.0

Change-Id: Ic59fd7fa96d7f18fd65141c1b4fd4f6baccc6d80
2017-05-25 17:31:35 +02:00
Antoine Musso 0fe99941e1 build: add jakub-onderka/php-console-highlighter
Highlight PHP code when parallel-lint fails

Change-Id: Ie7582baa805457a0445a119bfd5fb859f693e51f
2017-05-05 21:40:02 +02:00
Umherirrender de34a26818 Add fix phpcbf command to composer.json
This allows to use the phpcbf easily

Change-Id: Ib8fb40c6fcb94215ea94cd0b2b7b6272309425e4
2017-04-29 13:07:12 +02:00
Umherirrender 95deb18b3f Use tabs to indent in json
Change-Id: Ifba40f1902bee0ce50fdb1296b5603a5117aa8cf
2017-03-23 19:31:51 +01:00
Translation updater bot 3191102c54 Localisation updates from https://translatewiki.net.
Change-Id: I2c99d7934b23d80a1a151705e54979c09f41e9f8
2017-01-01 10:13:14 +01:00
Translation updater bot 9ab859863c Localisation updates from https://translatewiki.net.
Change-Id: I994cfaf919031c04aae3b8081062d67c3612193c
2016-12-12 22:41:07 +01:00
Translation updater bot da0633a51f Localisation updates from https://translatewiki.net.
Change-Id: I72b75671491612b1f4be8878df2397fb112f9a98
2016-12-02 22:20:22 +01:00
Translation updater bot d8225445b7 Localisation updates from https://translatewiki.net.
Change-Id: I3cea41c41af9e1fa69907ff736e2245232da232d
2016-11-28 22:32:12 +01:00
Reedy 5371436dff Remove unnecessary if
More minor styles

Don't use temporary variable to return

Change-Id: I773ae4405ed98f75dea3984f46c72a1043c2fe8f
2016-10-30 23:18:03 +00:00
Reedy ca778e2b98 Few style tweaks
Parameter documentation type hints

Remove unused RL module

Change-Id: I6e265c97eababa4bbfebb9402141664ad24b4e43
2016-10-30 22:56:44 +00:00
Chad Horohoe b5be580f26 Whoops, track not trace
Change-Id: I862e55edb79e06e50f280ed97d67fb0e6964d4ed
2016-10-24 17:03:54 -07:00
Chad Horohoe 18e69e8b49 Swapping defaultbranch for trace
The former is a maintenance nightmare when branching.

Bug:T146293
Change-Id: Ie2fc407b9e287ceba3567f9068bc756b4b7c8c1a
2016-10-24 16:38:35 -07:00
Translation updater bot 2e96666b74 Localisation updates from https://translatewiki.net.
Change-Id: I2e754dd3da2633249591fc6b79f847ec9e869924
2016-08-19 22:42:51 +02:00
Translation updater bot 2543c32ac5 Localisation updates from https://translatewiki.net.
Change-Id: I30bb64bc1ac5ac472af015c1b88ea20317b02488
2016-08-07 22:42:06 +02:00
Reedy bf17dd54e8 Remove 'UnitTestList' hook
No longer needed now that extension unittests are autodiscovered.

Bug: T142120
Change-Id: I03f1d1ea345a43685397e106fc5e27e1c2436f70
2016-08-05 22:42:12 +01:00
Translation updater bot e877b526fc Localisation updates from https://translatewiki.net.
Change-Id: Id14970c364acfb1c1c15f242440dd7b990b12b21
2016-07-21 23:01:21 +02:00
Translation updater bot 6626d3396b Localisation updates from https://translatewiki.net.
Change-Id: I55a6847b35c8fdbc68aff9b6fa66a209d0a95209
2016-04-22 22:24:41 +02:00
Bryan Davis a9cc53921f Use defined templatestyles-doc-header l10n message
s/templatestyles-doc-title/templatestyles-doc-header/

Change-Id: I1de180d49b3988d7fbe68fa3b1fab01411884557
2016-04-21 14:34:30 -06:00
Bryan Davis b39d76be08 General cleanup of CSSRenderer
* Add phpdoc comments
* Rename some variables to be a bit more clear for new readers
* Break up render() to make things more readable and reduce cyclomatic
  complexity

Change-Id: Iceeb1f6eb09b61efe6b81f359d28741f54fe88ad
2016-04-21 14:29:58 -06:00
Coren 1a6879c457 General cleanup of CSSParser
* Add phpdoc comments
* Update method signatures to reduce duplication
* Rename some variables to be a bit more clear for new readers
* Try to keep lines <80 chars (my own personal peeve I know)
* Use === instead of ==
* Fix a few other small code style issues

Change-Id: I52594fd34646af53fc91ec470fcf1d0be9c2b156
2016-04-21 14:29:58 -06:00
Bryan Davis 586694b64e Correct l10n message loading
s/MessageDirs/MessagesDirs/

Change-Id: I912b48442025fc381e6fc89671669717e834a76b
2016-04-21 14:27:30 -06:00
Bryan Davis 996b08ae93 Fix config loading
Change the ConfigRegistry setting in extension.json to the normal
GlobalVarConfig factor rather than a local wrapper.

Change-Id: I9a1b2869ee13fab59f628e4d5c83188a96062c42
2016-04-21 14:26:00 -06:00
Coren 29bdd0c18e Add property filtering
Properties listed in $wgTemplateStylesPropertyBlacklist, or
those that contain function-like values not listed in
$wgTemplateStylesFunctionWhitelist cause the containing
declaration to be omitted from rendering entirely.

Additionally, rule selectors are unconditionally prepended
with '#mw-content-text' so that they cannot be applied to
UI elements outside the actual page content.

Change-Id: Id3d7dff465363d0163e4a5a1f31e770b4b0a67e2
2016-04-21 05:16:06 +00:00
Bryan Davis 8b49e30b47 Ignore local Composer artifacts
Change-Id: Id88d177a43f7be4932fd774c519498871b42944e
2016-04-20 14:15:13 -06:00
Bryan Davis 1615767ae7 Pretty up the test suite
Add some comments and tweak the formatting of the test suite. Some
things that were hardcoded can now be tweaked by the
parse->render->verify tests if desired.

Change-Id: I36abc9fa2b9971d6b92d5714c4583dea6ad26b88
2016-04-20 14:15:13 -06:00
Coren 436370e59d Add unit tests for CSSParse and CSSRender
Test the roundtrip on a collection of correct and pathological
stylesheets to ascertain whether the parse is behaving as
expected.

Bug: T483
Change-Id: I484cc856b5696c1fa6265769320f79853365e1d6
2016-04-20 14:15:08 -06:00
Translation updater bot 37fbd09da5 Localisation updates from https://translatewiki.net.
Change-Id: Icddf99a2ee6ff79e948cd6c7e87cdf006003111f
2016-04-18 22:23:03 +02:00
Translation updater bot eea413648d Localisation updates from https://translatewiki.net.
Change-Id: Iafa8819d1c65d668c03577197f671026732deff9
2016-04-17 22:19:35 +02:00
Translation updater bot a4cea66515 Localisation updates from https://translatewiki.net.
Change-Id: I9981d2cc70a6b6f76fef44f5ae902cccd504b595
2016-04-16 23:15:42 +02:00
Translation updater bot 9ebf227e4e Localisation updates from https://translatewiki.net.
Change-Id: Iecb0616ed66cb6a6dceae5d2fd30626f3b9385de
2016-04-15 22:21:06 +02:00
Coren dfa7e27b5a Linting and slight tweak to parser
- add a tweak to the parser (keep the value tokens in a declaration
  separate in the parsed tree to ease matching at render time
- add error checking to encoding/decoding the templatestyles property
- pick some lint suggested by Brion and Bryan

Change-Id: If60b91e119102c0f0f559fe7e5a4c421c94b7ff4
2016-04-12 15:42:23 +00:00
Raymond b35763edbf Consisteny tweaks: Use lower case chars for message key only
In preparation for adding extension to translatewiki.net

Change-Id: I64fe725ceac7ec1b4d0da9c05e8285cc06278088
2016-04-10 22:49:25 +02:00
Coren 31743445bd TemplateStyles extension prototype
This extension adds a <templatestyles> tag that, when placed
on a template, allows specifying CSS for pages where that
template is transcluded.

Unlike inline styles, the per-template CSS supports rules
with proper selectors, and @media blocks.

THIS VERSION DOES NOT CURRENTLY FILTER DECLARATIONS and is
therefore unsuitable for wikis where unprivileged users should
not be allowed to influcence the pagewide CSS in unrestricted
ways!

Bug: T483
Change-Id: Ibc1cae3079d164f7ac7bcc7c4ded3f02bb048614
2016-04-08 11:08:59 -04:00
Alex Monk f063b69870 Add .gitreview
Change-Id: I28beb852d69a01be3f64ee8148b9ef2c8ab81e35
2016-04-05 15:47:06 +01:00