Page MenuHomePhabricator
Create Task
Maniphest T145304

wgIsProbablyEditable is true if an abuse filter would prevent the user from editing (e.g. TitleBlacklist)
Open, MediumPublic
Actions

Description

The following problems were observed editing logged out. I have not tested them when logged in to an account.

When a page is protected in the normal way, such as my userpage https://en.m.wikipedia.org/wiki/User:BethNaught , the mobile interface issues a pop-up when the edit icon is pressed and the editor redirects back to the page, if the user does not have sufficient permissions to edit.

However, when a page is not 'protected' but instead the title blacklist prevents its editing or creation, the editing interface opens and the user is allowed to proceed up to pressing the save button, on which the uninformative and unfriendly message "Error, edit not saved" pops up (this part was fixed as T65335).

The following pages on English Wikipedia are blocked from non-autoconfirmed creation and editing respectively by the blacklist: https://en.m.wikipedia.org/wiki/Talk:Morgan_is_a_moron , https://en.m.wikipedia.org/wiki/User_talk:Bonadea/Editnotice . The above-mentioned issue can be seen here.

For consistency with normal protection and for user-friendliness, the mobile site should recognise title blacklist prohibitions and prevent access to the editor in cases where the user does not have sufficient permissions. Moreover the error message should be appropriately informative.

Related Objects

Event Timeline

BethNaught created this task.Sep 10 2016, 8:51 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptSep 10 2016, 8:51 PM
BethNaught renamed this task from When a page is protected by the title blacklist, the mobile editing interface is enabled to When a page is protected by the title blacklist, the mobile editing interface is still enabled.Sep 10 2016, 8:56 PM
MBinder_WMF added a project: Web-Team-Backlog.Sep 13 2016, 5:19 PM
ovasileva triaged this task as Medium priority.Sep 14 2016, 4:46 PM
ovasileva raised the priority of this task from Medium to High.
ovasileva moved this task from Incoming to Needs Prioritization on the Web-Team-Backlog board.
jhobs added projects: Contributors-Team, VisualEditor.Sep 14 2016, 4:48 PM
jhobs subscribed.

Adding VisualEditor as I think it was requested we add it even for non-visual-editor-editing tasks, IIRC.

Jhernandez removed projects: VisualEditor, Contributors-Team.Sep 15 2016, 4:20 PM
ovasileva lowered the priority of this task from High to Low.Sep 15 2016, 4:20 PM
Jhernandez added subscribers: Jdlrobson, Jhernandez.Sep 15 2016, 4:21 PM

@Jdlrobson Do you have any thoughts around why we're not respecting this? Would it be hard to do?

Jdlrobson renamed this task from When a page is protected by the title blacklist, the mobile editing interface is still enabled to wgIsProbablyEditable is true for blacklisted page - When a page is protected by the title blacklist, the mobile editing interface is still enabled.Jun 5 2017, 5:41 PM
Jdlrobson raised the priority of this task from Low to Medium.
Jdlrobson added a project: VisualEditor.
Jdlrobson moved this task from Needs Prioritization to 2014-15 Q4 on the Web-Team-Backlog board.

This is an editing bug. I'm not sure how the title blacklist can be accessed via JS (if at all). We rely on wgIsProbablyEditable which is true for blacklisted pages.

Deskana subscribed.Jun 6 2017, 7:12 PM

Is this not the point of it being "probably" editable? It's not necessarily telling you for sure whether it is or not, for performance reasons.

Deskana added a project: MediaWiki-Page-editing.Jun 6 2017, 7:12 PM
Jdforrester-WMF moved this task from To Triage to TR0: Interrupt on the VisualEditor board.Jun 13 2017, 5:55 PM
Jdlrobson moved this task from 2014-15 Q4 to Tracking on the Web-Team-Backlog board.Jun 29 2017, 8:20 PM
Jdlrobson edited projects, added Web-Team-Backlog (Tracking); removed Web-Team-Backlog.
Jdlrobson added a comment.Jun 29 2017, 8:23 PM

Is this not the point of it being "probably" editable? It's not necessarily telling you for sure whether it is or not, for performance reasons.

That's fair :)
I'm not sure how viable it is to check the title at the start of the workflow but it does seem like something that can be checked up front.

Jdlrobson moved this task from Untriaged to Untag on the Web-Team-Backlog (Tracking) board.Jun 29 2017, 8:46 PM
Deskana moved this task from TR0: Interrupt to To Triage on the VisualEditor board.Sep 20 2017, 12:27 PM
Deskana moved this task from To Triage to Freezer on the VisualEditor board.Sep 20 2017, 12:40 PM
matmarex mentioned this in T219848: Unprivileged users see "edit" on cascade protected page.Jul 2 2019, 12:13 AM
matmarex mentioned this in T65335: Mobile should have better support for TitleBlacklist errors.Sep 30 2019, 4:27 PM
matmarex updated the task description. (Show Details)Sep 30 2019, 4:32 PM
Jhernandez unsubscribed.Apr 2 2020, 6:46 PM
Jdlrobson moved this task from Backlog to Team:Editing on the MobileFrontend board.Jul 24 2020, 2:33 AM
Jdlrobson moved this task from Untag to Untriaged on the Web-Team-Backlog (Tracking) board.Sep 7 2021, 9:06 PM
Jdlrobson removed a project: Web-Team-Backlog (Tracking).Sep 16 2021, 4:35 PM
Krinkle removed projects: VisualEditor, TitleBlacklist, MobileFrontend.Sep 16 2021, 5:56 PM
Krinkle subscribed.

This isn't related to VE or MobileFrontend. The same applies to Vector and desktop for example.

Abuse prevention controls are generally considered expensive and are likely not going to be run proactively prior to attempting to submit a form. Both for performance reasons, but also due to the design of the technical interfaces behind it (which react to an edit submission and all the context related to that, not merely a title).

There are likely also good reasons around trust and safety, and voice and tone that would likely prevent us from wanting to render such attempts in ways that acknowledges anything about them. There are ways this can be abused and backfire. There is also a general expectation that page headers are consistent between associated pages and actions (view/history/edit, subject page and talk page, special pages such as Move and Undelete), and thus this infromation would have to be computed in that context as well, and then propagate to skins through any relevant caches.

From a user experience perspective I'd say this is a non-issue. Page protection is something we expect "good" users to encounter, so we want to help them and be informative. Abuse prevention controls aren't meant to affect good-faith behaviour so the example in the task involving the word "moron" is not something I think we need to be concerned about.

What does seem more of a concern is the use of TitleBlacklist to essentially deny editing of certain pages to newer users. My guess is that this is not a use case that the technology was designed for, and when it ends up applied in this way without consulting engineers, it is not going to work as expected as we find here. Perhaps a feature request coud be filed to allow /Editnotice pages to be protected in a similar manner that /common.js is protected through a user right.

Krinkle renamed this task from wgIsProbablyEditable is true for blacklisted page - When a page is protected by the title blacklist, the mobile editing interface is still enabled to wgIsProbablyEditable is true if an abuse filter would prevent the user from editing (e.g. TitleBlacklist).Sep 16 2021, 5:57 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits