Prevents accidentally treating plain text or user input
as HTML, which could be an XSS vulnerability.
Change-Id: Id4af48447a0907962a57340cb60aca08df9cc505
I tried to review all of them. Some of the changes I did:
* Make sure the `config` parameter is not marked as optional
when it is not.
* Make sure default values are mentioned.
* List individual `@cfg` options when it makes sense.
Note I don't list all options a class could accept (e.g. via all
its parent classes and mixins). That's too much. Instead I checked
how a class is actually used and list only these options.
Even then I don't list everything, e.g. unspecific options
like "classes" that can be used pretty much everywhere.
Change-Id: Idf4fbe1dc3608ace277df9e385f2f140df3a2f50
These don't add any knowledge but make the code harder to read
and maintain, and are an additional source of errors.
Change-Id: Ied57741a3f985e355adfddb4e75378d5c497faa9
* Create getSurfaceClasses method.
* Pass surfaceClasses to target widgets.
This ensures that the 'content' class is passed to mobile
target widgets, and the 'mw-body-content' class is added
in a less hacky way.
Change-Id: Ibce6d1a1d0fda63cca354761f1b91f808858e95b
VisualEditor recreates the mw-body-content element. The element
with mw-parser-output already exists as a child. All skins now
consistently follow this pattern.
To limit the impact to the editor, we use ArticleTarget and add the class
to the surface, which corresponds to the mw-body-content element of a skin.
This avoids unrelated regressions in experiences such as DiscussionTools.
Bug: T283014
Change-Id: I4833d1ca9fda4fc0bd433760e47fe7010f00db05
The regex that removes the wikilinks to create the initial edit summary
should have the global flag since it was taken from preg_replace which
replaces globally implicitly.
Bug: T276722
Change-Id: I21e3cdfe752657ad37d9a6bd473a7e7dbb6e4cd6
We need the whole DM doc to show reference diffs
correctly. We can filter down to the active section
after the conversion like we do with the editor.
Bug: T272813
Change-Id: I2081dd520ff414caadaed2efda955d600953c957
New changes:
c17816c5f Diff sidebar: Make font size slightly smaller
f8439f4cc Deep-freeze linear data
a8919f78e Deep-freeze linear data added by transactions
Local changes:
Fixes for deep-frozen linear model
Bug: T119236
Change-Id: Iae4362c8dab0f2bd335e24498f3e0522b8b1d4fc
This was used when we used to pass API errors to showMessage, but
is now unused by the two remaining users (missing edit summary, and
"press ctrl+enter to submit").
Change-Id: I8a6b4db78d4e451cf3ec85fcdfd8293328aaaa3c
* Remove custom internal events in ArticleTarget for every error type.
The indirection was just making it harder to figure out what data
goes where.
* Centralize the actual logging in ArticleTarget, instead of doing it
in a dozen methods.
* Directly use the error code from the API for 'save_failure_message'.
Previously we'd lose the original error code and generate a new one
in the event indirection stuff, except for 'responseUnknown'.
* Update 'save_failure_type' map. Remove unused error codes, update
the ones that changed, and sort in the order in which the types are
listed on the schema page.
Bug: T272162
Change-Id: Ied602c456f4b0e7e9bb135e3200bec5ce65641ba
originalDmDocPromise is dervied from target.doc, so if that changes
ensure the promise is cleared.
Change-Id: I51219e06109b0ccf1a17c920131b764862be85e1
Rebuild the category list from the data we got from the API. This makes
it work regardless of whether we came here from activating on an
existing page, switching from source mode, or loading via an edit URL.
Because Parsoid doesn't include redlink status on the <link>s it
represents the categories as, we do have to manually update those
styles.
Bug: T251398
Change-Id: Iaaef3223816269bba1371fbb07956119a120c1ca
There used to be similar code here, but it was removed in 2015 in
85b745666f because it wasn't correct in
some cases. Restore it and instead separately check for those cases.
Bug: T257124
Change-Id: Id4a17266111d064805aa0ca865182bb2f4b019eb
This reverts commit e5c1ef651b.
This change caused an error where templates failed to be inserted
into wikitext in the 2017 wikitext editor.
Bug: T255785
Change-Id: Ie57c49e68e594be22af2b1b479840f29e46131db
mw.Target doesn't know about revid and etag, so move that logic
to ArticleTarget, where the param can still just be a boolean.
Change-Id: Idf4632cd28554aaf5bbf5f2b44ded047c0c4b182
This handles the minor edit and watch checkboxes, as well as any added
by extensions (e.g. FlaggedRevs).
Switching in the other direction already works fine, that is
implemented in ArticleTarget#getSaveFields.
It doesn't seem ideal to put this code into the constructor of
ve.init.mw.DesktopArticleTarget, but that's where we already have
similar logic for the edit summary. I filed T253696 about this.
Bug: T250388
Change-Id: Ia6a9c0465ed215e8f74b9fff4590593383e9a1e6
Previously we didn't deactivate them, so if you opened VE, then
switched to NWE, then exited the editor, all three tabs would appear
active.
Change-Id: I904d6daf2896ceadf004f5e57a88c2359f33fd44
The base class doesn't use it, it only defines it, and
DesktopArticleTarget is the only subclass that uses it.
MobileArticleTarget calls it, but also overrides it to be a no-op.
Change-Id: Ib3feea94844f4e1ed71dccece7657450516cac89
Factor out the logic for whether the WelcomeDialog should be shown into
its own method, and write it in a less confusing way. Do the same thing
with the logic for setting the preference/storage/cookie for hiding the
WelcomeDialog.
This makes maybeShowWelcomeDialog() much simpler, and removes duplicated
code in DesktopArticleTarget.
There is one minor change in behavior: if the WelcomeDialog is
suppressed using the URL parameter, that no longer causes the preference
to be updated as if the dialog had been shown.
Change-Id: I1d4f912c5f6bd7a2bbad2b209b97c3ec1f250a07
In MediaWiki, section numbers may be prefixed with 'T-' if they refer
to sections on a transcluded page, so they are not really numbers.
Change e2cb9ce93e caused us to treat them as strings most of the time,
but it looks like there are several places where we treated them as
integer numbers, which I missed when making that patch.
The first two changes in ArticleTarget#restoreEditSection fix T248795
and T248968/T249112, respectively. The other changes are cleanup.
Bug: T248795
Bug: T248968
Bug: T249112
Change-Id: I8373a7ab515595769ce6f3051a182c922415b643
Bring in ve.dm.MWInternalLinkAnnotation.static.getTargetDataFromHref
and ve.resolveUrl, so that the file has no dependencies on VE.
Change-Id: I03bc455d5484a6c51f3fa2397c64936b829fe7e3
This code path is triggered when saving a new section in NWE causes an
edit conflict, which should be impossible, but apparently does happen.
Add some TODOs for parameters being added to the API calls in weird
places, instead of the dedicated methods.
Bug: T248364
Change-Id: I0686671e86e35f9ba503d0dd84e9074dde72dc10
The code for setting 'watchlist' in the EditAPI request
was completely broken as it always evaluated to 'unwatch'.
Instead pass through 'watchlist' directly from the client
where it must be set to 'watch' or 'unwatch'.
Bug: T245579
Change-Id: Ia5a2bb76ef35a685b39bcc0c4727796acd0f510d
When using TwoColConflict with VisualEditor, the autosave buffer wouldn't
be cleared after saving the successful merge. This would cause a user to
see a "restore changes?" prompt the next time they entered the editor,
with the potential to confuse them and cause them to do extra work,
repeating the conflict resolution unnecessarily.
This change purges the autosave buffer before submitting a merge.
Note that it is not transactional, so there is a chance we're losing the
autosaved content even if the submit will fail.
Bug: T245119
Change-Id: I150023f548c5565412769d644a828176f907bc25
Things I noticed while writing I37f8e89b6d92c419d1b6569891612256342f8139,
but which felt too messy to include in that commit.
* Use promise chaining
* Update documentation
* Remove redundant code
* Split a method that now handles two different errors
* Grumble about localisation messages
Change-Id: I81e28a03af4f6c3452679ef6bbcaa89bb1235122
When the user is saving their edit, we want to ensure that they
understand how it will be attributed. If the user gets logged out or
logs in in another tab, we want to display a message about it before
saving.
Instead of manually managing tokens and handling the 'badtoken' error
to detect this, use the 'assert'/'assertuser' parameters for the API
to detect it for us. Thanks to this we can rely on automatic retrying
for 'badtoken' errors in mw.Api#postWithToken.
It will be possible to share some of this code with other extensions
that already use ArticleTargetSaver, namely DiscussionTools, now that
it doesn't need to manage tokens for VisualEditor.
Bug: T245327
Depends-On: I485f99e1f5f493262b0c9af22370da01adf1e09c
Change-Id: I37f8e89b6d92c419d1b6569891612256342f8139
It was broken on desktop and on mobile, but for different reasons:
Desktop: In change 5f1c68945d,
I removed some code from DesktopArticleTarget that was checking for
`typeof errorDetails === 'string'`. I thought it was unused, but it
was actually needed for this code.
Mobile: overlay.reportError() doesn't work here: that method displays
the error inside the save panel, which is not visible at this point.
This is now solved by treating those errors as if they were API errors,
which is something we were already doing in ArticleTargetSaver.
Change-Id: I5207836f56d65171b1240cef02fc17b9956036ef
It turns out anonymous users can't apply change tags, so change
I2c1d0f8d69bc03e5c1877c790247e165f160e966 broke editing for them.
Bug: T242184
Change-Id: I7c27e4d9995428e213a980819810f235fdfe9435
This opens up the API so that other tools can use it without being
forced to tag those edits as being from VE.
Also, document that tags is a working parameter that can be passed
through to the edit API.
Bug: T242184
Change-Id: I2c1d0f8d69bc03e5c1877c790247e165f160e966
When NWE is enabled but VE is supposed to be unavailable on the page
(e.g. in talk namespaces), do not show the option to switch to VE in
the welcome dialog.
This is relevant if new users use NWE, due to config like below
(we use this on WMF Office wiki):
$wgDefaultUserOptions['visualeditor-newwikitext'] = true;
Change-Id: Iee8c3d3604a13dcd20efa713e49461ba9b885749
This code works perfectly on mobile now, I believe change
4fb17205b6 fixed that.
Note that the dialog is currently never shown due to the override
in MobileArticleTarget, but I tested after removing it.
Change-Id: I305a01fc78366a3d2d13662e6d71711864e0dffc
The comment here seems to be wrong, as far as I can tell, this
case can only happen when viewing a diff with no changes
(`data.result === 'nochanges'`) or saving an edit and getting
a captcha (`data.result === 'error'`).
The handling here, added in the recent refactor
b0f4b4c94e, causes both of these
cases to behave wrong (displaying the error message, instead of
empty diff / captcha form).
Change-Id: I305e8ca9ff769c229a93d5fb3307e545a0227f2f
* Add a postWikitext method and split out postContent
from postHtml
* Move saveSuccess handling into postContent promise
* Connect promise directly to saveComplete instead
* Pass whole response.visualeditoredit object, instead
of splitting into variadic arguments for saveComplete.
* [DEPRECATION] Make serialize return the postHtml promise
and deprecate passing a callback.
Change-Id: I905737515578000b2b87214c92e8b9fe9e82f6b7
New changes:
be8235e82 Localisation updates from https://translatewiki.net.
6f43a6c8d Remove MW-specific code for setting up section editing
Local changes:
* Bring in section editing logic from VE core
Sets attachedRoot iff there is only one SectionNode in the whole document.
Change-Id: I15b5ebf3848482ef6df6d19114d26a1b1d4a3b13
If the paction=serializeforcache request fails, we were erroneously
converting it to a successful result with no value, which later causes
an exception, because since 381b58585c
other code expects the result to an an object.
The bug was introduced in 2015 in 07001001be,
but until that recent change it would only cause a 'badcachekey'
error, which was handled correctly later.
Change-Id: Ie1ffc8c3e616a7d296f2186fb17eaf039971a44f
Previously, the ve-mw/init/ directory contained two kinds of files:
those that were used when initializing VE, and those that may be
loaded even if VE is not going to be initialized at all. The latter
kind must not use the `ve` global variable.
After moving those files to ve-mw/preinit/ we can enforce this with
.eslintrc.json in that directory. This would have prevented T228684.
(Technically they merely must not use `ve.init`, and may use `ve`,
but that's harder to enforce. We should instead move the few non-init
methods out of `ve`: now, track, trackSubscribe, trackSubscribeAll).
Also, group some files under ve-mw/init/: targets/ now (only)
contains ve.init.mw.Target and its subclasses, apiresponsecache/
now contains ve.init.mw.ApiResponseCache and its subclasses.
Bug: T228684
Change-Id: I945249a27f6a0fa10a432d5c5dc57bc7e0461fd8