Page MenuHomePhabricator
Create Task
Maniphest T190104

[Spike, 4hrs] Explore adding protection for using forbidden methods
Closed, ResolvedPublic0 Estimated Story Points
Actions

Description

We've already had a blip where we broke Popups for Internet Explorer because we used the const key word without a transpile step in our code (T174424). We easily fixed that and added some safeguard (an additional ESLint job on the distribution script) to stop that happening again.

As we adopt more modern JavaScript via transpiling we'll want to be additionally cautious that we don't inadvertently use unavailable JavaScript in our targetted environment eg. Object.assign

https://github.com/amilajack/eslint-plugin-compat

Spike outcomes

  • A proof of concept demonstrating the feasibility of the idea.
  • A recommendation of whether we go ahead with doing it

Details

SubjectRepoBranchLines +/-
POC: forbid unsupported APIsmediawiki/extensions/Popupsmaster+90 -24
Customize query in gerrit

Related Objects

Event Timeline

Jdlrobson created this task.Mar 19 2018, 11:02 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptMar 19 2018, 11:02 PM
Jdlrobson moved this task from Needs Prioritization to Triaged but Future on the Web-Team-Backlog board.Mar 19 2018, 11:03 PM
Jdlrobson moved this task from Triaged but Future to Upcoming on the Web-Team-Backlog board.Mar 27 2018, 3:03 PM
Jdlrobson triaged this task as Medium priority.Mar 27 2018, 4:29 PM
Jdlrobson set the point value for this task to 0.Mar 27 2018, 4:48 PM
Niedzielski added a project: Technical-Debt.Mar 28 2018, 1:36 PM
Niedzielski added a project: Page-Previews.Apr 20 2018, 3:09 PM
Niedzielski subscribed.

Tagging popups since it seems like the best project to make this experimentation on.

Niedzielski awarded a token.Jun 6 2018, 2:47 PM
Jdlrobson added a project: Readers-Web-Kanbanana-Board-Old.Jun 18 2018, 5:24 PM
Jdlrobson moved this task from Upcoming to 2017-18 Q4 on the Web-Team-Backlog board.
Niedzielski claimed this task.Jun 19 2018, 3:29 PM
Niedzielski moved this task from To Do to Doing on the Readers-Web-Kanbanana-Board-Old board.
gerritbot subscribed.Jun 19 2018, 7:20 PM

Change 441090 had a related patch set uploaded (by Niedzielski; owner: Stephen Niedzielski):
[mediawiki/extensions/Popups@master] POC: forbid unsupported APIs

https://gerrit.wikimedia.org/r/441090

gerritbot added a project: Patch-For-Review.Jun 19 2018, 7:20 PM

Change 441090 abandoned by Niedzielski:
POC: forbid unsupported APIs

Reason:
Preemptively abandoning this. Feel free to revive if you disagree.

https://gerrit.wikimedia.org/r/441090

Niedzielski removed Niedzielski as the assignee of this task.Jun 19 2018, 7:22 PM
Niedzielski moved this task from Doing to Needs Code Review on the Readers-Web-Kanbanana-Board-Old board.
Jdlrobson added subscribers: pmiazga, Jdrewniak.Jun 19 2018, 9:34 PM

From POC:

Lint unsupported web API usage with the Browserslist support matrix.
Detection seems simplistic. For example, defining and using a function
called "fetch" triggers a false positive that must either be disabled at
each reference, claiming that fetch has a global polyfill (shown below
via settings), or renaming the symbol (done in this patch). It also
fails to detect missing APIs like Object.entries(). Because of these
shortcomings, I don't think we're going to get as much value out of it
as we'd hoped. However, I'm happy to give it a try if others disagree.

For some reason, overrides work to suppress some issues flagged in tests
but not others which seems like a bug. This patch point suppresses a
Promise usage as a workaround.

Example of claiming is polyfilled in the ESLint settings:

	"settings": {
		"polyfills": [ "fetch" ]
	}

@pmiazga @Jdrewniak wondering if you have any thoughts on the above assessment?

pmiazga added a comment.Jun 20 2018, 6:31 PM

LGTM

Jdlrobson closed this task as Resolved.Jun 20 2018, 7:28 PM
Jdlrobson claimed this task.
Jdlrobson moved this task from Needs Code Review to Ready for Signoff on the Readers-Web-Kanbanana-Board-Old board.

Thanks for looking into this Stephen! I've documented this here: https://www.mediawiki.org/wiki/Reading/Web/Coding_conventions#Transpiling
(We should also look at updating that page to reflect our more modern code practices)

Jdrewniak added a comment.Jun 29 2018, 12:54 PM

Bummer! I guess it basically just greps for keywords. I don't think defining functions as "polyfills" is a good approach because we might define a function named 'fetch' in one place, but then we might try using the native fetch function in another place, it won't spot that second error.

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits