Hi Florian, where and when are you looking to get this deployed?

In T108687#1527626, @csteipp wrote:

Hi Florian, where and when are you looking to get this deployed?

-> Blocks: T95041: Deploy CodeMirror extension to beta cluster

@csteipp: @Aklapper pointed you to the right task (thanks!), does it answer your question? If not, or if you need more information, I will support you as much as possible :]

@csteipp: Still in discussions with Editing team, TCB team, and Community Liaisons about the potential of deploying CodeMirror, so security review is not pressing.

Looks like we won't be deploying this to Wikimedia wikis (see T95041). Not sure if that means it should be marked as declined though (since someone else could still do a security review of it for the benefit of 3rd party wikis).

Per the Community Wishlist Survey results, we would like to deploy the CodeMirror extension to Beta Labs for performance and compatibility testing in order to evaluate whether it might be a viable option for syntax highlighting.

@kaldari To clarify, what's the status of this bug? Perhaps it should be closed, and someone could file a new bug if/when people actual intend to use this extension.

@Bawolff: Actually, this is back on the table. We talked with the Editing Team about using CodeMirror for the old WikiText editor (and emulating the same highlighting style in the new WikiText editor) and they were receptive to the idea (on the condition that it be an opt-in feature). The only person we're still waiting to hear back from is Ed Sanders, but he seems to be AWOL at the moment. I'll post an update as soon as we talk to him.

Also examples of how to highlighting style in the new WikiText editor would be very helpful.

@Pastakhov Some screenshots of the current styles:

We're hoping to get a designer to look at these soon.

@Pastakhov, @Bawolff: We met with @Esanders. We're now investigating the possibility of integrating CodeMirror with the new WikiText editor rather than emulating it. (See T161052 and T161054.) We currently have no blockers for implementing this as an opt-in feature in the old WikiText editor besides security and design reviews.

@kaldari, can you update the description of this ticket and add the info requested at https://www.mediawiki.org/wiki/Wikimedia_Security_Team/Security_reviews#Requesting_a_review? Once that's done, I'll get this scheduled.

@dpatrick: Description updated. Let me know if you need any other info. Thanks!

PHP code is fine

CodeMirror extension is another candidate for T107561

What's the status of this security review? It's my understanding that this extension was briefly deployed to all wikis as a beta feature and should be back soon.

Yeah, I'm a little unclear on that myself. Reedy reviewed the PHP code back in April. There's some JS code in the extension that should be reviewed as well, though:

• resources/ext.CodeMirror.js
• resources/mode/mediawiki.js
• stuff in resources/modules/ve-cm

@dpatrick marked this as "In Progress" back in May, but I haven't heard anything since then. It's definitely ready to deploy, so is there any way to get this wrapped up soon?

Hi, we're hoping to get this extension out this week/early next week. Can we get this reviewed soon? Ping @dpatrick

Side point, it may be worth swapping codemirror to 5.25.2 from 5.25.0.

I don't see any specific security/performance fixes at all, never mind any relevant. Some crash fixes in 5.27.*, but they shouldn't be appropriate. No obvious reason to bump to 5.28.0 at this junction, but I'm guessing you'll do that as a matter of course anyway for other bug fixes, features et al.

(Though Fix infinite loop in forced display update. in 5.27.0 does seem interesting :P)

Sorry for the delay in this, never really got finished. Many other stuff going on and around.

I don't see anything obviously blocking this being further deployed on WMF wikis