Page MenuHomePhabricator
Create Task
Maniphest T229311

Avoid unnecessary encoding of '<', '>' and '&' in output of load.php
Closed, DeclinedPublic
Actions

Description

The styles and messages delivered by load.php contains unnecessary escaped characters like \u003E instead of >. Escaping of <, > and & is not needed here and is a waste of traffic.

Examples:

Details

ProjectBranchLines +/-Subject
mediawiki/coremaster+22 -5resourceloader: Avoid HTML encoding in output of load.php
mediawiki/coremaster+133 -66resourceloader: Add $context to static functions in ResourceLoader
Customize query in gerrit

Event Timeline

Fomafix created this task.Jul 30 2019, 8:43 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJul 30 2019, 8:43 AM
gerritbot added a comment.Jul 30 2019, 8:43 AM

Change 526385 had a related patch set uploaded (by Fomafix; owner: Fomafix):
[mediawiki/core@master] ResourceLoader: Avoid escaping of characters in styles

https://gerrit.wikimedia.org/r/526385

gerritbot added a project: Patch-For-Review.Jul 30 2019, 8:43 AM
Krinkle triaged this task as Medium priority.Jul 30 2019, 1:11 PM
Krinkle moved this task from Inbox to Accepted Enhancement on the MediaWiki-ResourceLoader board.
Krinkle moved this task from Inbox to Backlog: Maintenance on the Performance-Team board.
Krinkle added a subscriber: Krinkle.

Thanks!

Fomafix renamed this task from Remove unnecessary escaping in styles to Remove unnecessary escaping of '<', '> and '&' in styles and messages.Aug 1 2019, 6:28 PM
Fomafix renamed this task from Remove unnecessary escaping of '<', '> and '&' in styles and messages to Remove unnecessary escaping of '<', '>' and '&' in styles and messages.
Fomafix updated the task description. (Show Details)
gerritbot added a comment.Sep 9 2019, 6:58 PM

Change 535266 had a related patch set uploaded (by Fomafix; owner: Fomafix):
[mediawiki/core@master] [WIP] resourceloader: Move encodeJsonForScript to ResourceLoaderContext

https://gerrit.wikimedia.org/r/535266

Fomafix renamed this task from Remove unnecessary escaping of '<', '>' and '&' in styles and messages to Avoid unnecessary encoding of '<', '>' and '&' in output of load.php.Sep 12 2019, 11:18 AM
gerritbot added a comment.Sep 27 2019, 8:48 PM

Change 535266 merged by jenkins-bot:
[mediawiki/core@master] resourceloader: Add $context to static functions in ResourceLoader

https://gerrit.wikimedia.org/r/535266

ReleaseTaggerBot added a project: MW-1.34-notes (1.34.0-wmf.25; 2019-10-01).Sep 27 2019, 9:00 PM
Krinkle removed a project: MW-1.34-notes (1.34.0-wmf.25; 2019-10-01).Oct 16 2019, 10:42 PM
Krinkle removed a project: Patch-For-Review.Mar 27 2020, 4:57 PM
gerritbot added a comment.Feb 12 2021, 3:24 AM

Change 526385 abandoned by Krinkle:
[mediawiki/core@master] resourceloader: Avoid HTML encoding in output of load.php

Reason:
I'm declining this for sake of simplicitly. The optimisation is imho not worth the complexity and security risk, and I rather like the idea that we are "just" sending load.php responses into <script> tags, essentially following the preload / "Facebook BigPipe" idea. Separating the two would require every possible byte that might make its way into the response to be split and injected and made aware of this which I think is too big of a gamble and limitation to enforce on the whole stack.

https://gerrit.wikimedia.org/r/526385

Krinkle closed this task as Declined.Feb 12 2021, 3:24 AM
Content licensed under Creative Commons Attribution-ShareAlike 3.0 (CC-BY-SA) unless otherwise noted; code licensed under GNU General Public License (GPL) or other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL