Page MenuHomePhabricator
Create Task
Maniphest T315872

Use the correct algorithm when decoding URL hash fragments
Closed, ResolvedPublic
Actions

Assigned To
ppelberg
Authored By
Esanders
Aug 22 2022, 11:28 AM
Tags
Referenced Files
F35511650: Screenshot 2022-09-07 at 07.29.10.png
Sep 7 2022, 6:40 AM
F35511644: Screenshot 2022-09-07 at 07.24.23.png
Sep 7 2022, 6:40 AM
F35511664: Screenshot 2022-09-07 at 07.39.32.png
Sep 7 2022, 6:40 AM
F35509485: Screenshot 2022-09-05 at 07.40.30.png
Sep 5 2022, 6:48 AM
Subscribers
Aklapper
EAkinloose
Esanders
Jdlrobson
Krinkle
matmarex
Tokens
"Like" token, awarded by Jdlrobson.

Description

Many places erroneously use decodeURI or decodeURIComponent, however these will throw an exception if they encounter a unencoded % which is allowed by the spec, e.g.

> decodeURIComponent('%A')
> Uncaught URIError: URI malformed

These errors have often just suppressed with a try/catch, and it is expected that fragments are generated fully encoded, however this is not always the case, and the escaping of user-generated inbound links is out of or control.

See also T106244

QA

The MobileFrontend Toggler ensures that if we link to a section of a page on mobile, the section gets automatically expanded. Note that opening the mobile site on a wide browser window will trigger "tablet mode" where sections are automatically expanded, so to test this you will need to open section links in a narrow browser window on the mobile site.

  1. Generate a link to a section of an article, e.g. by opening the site on desktop and copying a link from the table of contents
  2. Modify the link to be to mobile site
  3. Open the mobile link in a narrow window. Verify your section is scrolled to and the section opens.

Details

SubjectRepoBranchLines +/-
mediawiki.util: Add getTargetFromFragment (and percentDecode)mediawiki/coremaster+94 -0
Toggler: Use upstream percentDecodeFragmentmediawiki/extensions/MobileFrontendmaster+23 -53
Line number highlight: Use getTargetFromFragmentmediawiki/extensions/SyntaxHighlight_GeSHimaster+4 -4
highlighter: Use upstream getTargetFromFragmentmediawiki/extensions/DiscussionToolsmaster+2 -51
Customize query in gerrit

Related Objects

Event Timeline

Esanders created this task.Aug 22 2022, 11:28 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptAug 22 2022, 11:28 AM
gerritbot added a comment.Aug 22 2022, 11:28 AM

Change 823142 had a related patch set uploaded (by Esanders; author: Esanders):

[mediawiki/core@master] mediawiki.util: Add getTargetFromFragment (and percentDecode)

https://gerrit.wikimedia.org/r/823142

gerritbot added a project: Patch-For-Review.Aug 22 2022, 11:28 AM
gerritbot added a comment.Aug 22 2022, 11:31 AM

Change 823647 had a related patch set uploaded (by Esanders; author: Esanders):

[mediawiki/extensions/MobileFrontend@master] Toggler: Use upstream percentDecode

https://gerrit.wikimedia.org/r/823647

gerritbot added a comment.Aug 22 2022, 11:31 AM

Change 823612 had a related patch set uploaded (by Esanders; author: Esanders):

[mediawiki/extensions/DiscussionTools@master] highlighter: Use upstream getTargetFromFragment

https://gerrit.wikimedia.org/r/823612

gerritbot added a comment.Aug 22 2022, 3:38 PM

Change 825368 had a related patch set uploaded (by Esanders; author: Esanders):

[mediawiki/extensions/SyntaxHighlight_GeSHi@master] Line number highlight: Use getTargetFromFragment

https://gerrit.wikimedia.org/r/825368

Jdlrobson awarded a token.Aug 23 2022, 2:55 PM
gerritbot added a comment.Aug 31 2022, 12:37 PM

Change 823142 merged by jenkins-bot:

[mediawiki/core@master] mediawiki.util: Add getTargetFromFragment (and percentDecode)

https://gerrit.wikimedia.org/r/823142

ReleaseTaggerBot added a project: MW-1.39-notes (1.39.0-wmf.28; 2022-09-05).Aug 31 2022, 1:00 PM
gerritbot added a comment.Aug 31 2022, 2:46 PM

Change 823612 merged by jenkins-bot:

[mediawiki/extensions/DiscussionTools@master] highlighter: Use upstream getTargetFromFragment

https://gerrit.wikimedia.org/r/823612

gerritbot added a comment.Aug 31 2022, 3:34 PM

Change 825368 merged by jenkins-bot:

[mediawiki/extensions/SyntaxHighlight_GeSHi@master] Line number highlight: Use getTargetFromFragment

https://gerrit.wikimedia.org/r/825368

Jdlrobson added projects: Web-Team-Backlog (Kanbanana-2022-23-Q1), MobileFrontend.Aug 31 2022, 8:46 PM

Olga: Incoming code review request from editing team for us (for https://gerrit.wikimedia.org/r/c/823647)

Given this impacts any URL containing a hash fragment we'll likely want to add some QA steps to this task before reviewing/merging.

Jdlrobson moved this task from Needs Analysis to Upcoming on the Web-Team-Backlog (Kanbanana-2022-23-Q1) board.Aug 31 2022, 8:46 PM
gerritbot added a comment.Sep 1 2022, 3:35 AM

Change 823647 merged by jenkins-bot:

[mediawiki/extensions/MobileFrontend@master] Toggler: Use upstream percentDecodeFragment

https://gerrit.wikimedia.org/r/823647

Esanders added a project: Editing-team (Kanban Board).Sep 1 2022, 5:39 PM
Esanders moved this task from Incoming to QA on the Editing-team (Kanban Board) board.
Esanders added a project: Editing QA.
Esanders moved this task from Inbox to High Priority on the Editing QA board.
Jdlrobson removed a project: Web-Team-Backlog (Kanbanana-2022-23-Q1).Sep 1 2022, 5:44 PM

Talked about this today in the editing team sync and editing team will be QAing this.

Esanders updated the task description. (Show Details)Sep 1 2022, 5:45 PM
Esanders updated the task description. (Show Details)Sep 1 2022, 5:47 PM
matmarex updated the task description. (Show Details)Sep 1 2022, 6:41 PM
EAkinloose added subscribers: matmarex, EAkinloose.Sep 5 2022, 6:48 AM

❗️ Verify your section is scrolled to and the section opens. The section with the % character does not open - Desktop and Mobile

@Esanders, I still get the warning when testing on https://en.wikipedia.beta.wmflabs.org/wiki/User:ESanders_(WMF)/sandbox#Romeo+Juliet_%A_%C3%93_%20.

Screenshot 2022-09-05 at 07.40.30.png (522×3 px, 277 KB)

See https://photos.app.goo.gl/8MNtRTUZbg7nH7sYA for more context

cc @matmarex

matmarex added a comment.Sep 6 2022, 8:19 PM

I think that's tracked separately: T315222: New vector TOC not escaping hash fragments and so generating invalid URLs. It should work in old Vector (and other skins).

The exceptions are real, but unrelated to our changes and pre-existing. Other code also doesn't handle these URLs well.

EAkinloose edited projects, added Verified; removed Editing QA.Sep 7 2022, 6:40 AM

Thanks @matmarex.

This makes more sense to me now - it brought something else to my attention.
✅ Verify your section is scrolled to and the section opens

✔ This should be tested with headings with various character sets (e.g. Arabic, Thai). See https://photos.app.goo.gl/sVqEiv9JJKxzw3Ao8.

✔ Test this use case from a previous bug: https://en.wikipedia.beta.wmflabs.org/wiki/User:ESanders_(WMF)/sandbox#Romeo+Juliet_%A_%C3%93_%20 See

Screenshot 2022-09-07 at 07.39.32.png (688×424 px, 49 KB)

✔ Test that hash links on mobile with / still work, such as the link you get when the editor is open. See

Screenshot 2022-09-07 at 07.24.23.png (1×738 px, 129 KB)
and
Screenshot 2022-09-07 at 07.29.10.png (1×762 px, 122 KB)

EAkinloose moved this task from QA to Ready for Sign Off on the Editing-team (Kanban Board) board.Sep 7 2022, 6:40 AM
ppelberg closed this task as Resolved.Sep 22 2022, 4:51 PM
ppelberg claimed this task.
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL