Page MenuHomePhabricator
Create Task
Maniphest T322173

Fix rare unsafe use of Message::parse() in paragraph wrapper
Closed, ResolvedPublic
Actions

Description

Exibit A
	Html::rawElement( 'p', [], $msg->parse() )

I found less than 10 instances of in all WMF production codebases, so this is definitely rare and more likely the result of refactoring or copy-paste mistakes than any general lack of testing or understanding. But, I figured I'd file this task to track those fixes, reference as place to explain the issue, and possibly to talk about ways to statically detect this if we think it's worthwile (eg. CodeSniffer or Phan).

Problem

Interface messages, especially those that render as a dedicated block-level paragraph on special pages, are often translated or overriden on-wiki to contain rich text that can produce one or more block-level elements.

Even simple translation values that merely write two lines of text instead of one line, would break in the above scenario. There would be two <p> elements which are then wrapped inside a hardoded <p> element. This is actually illegal in HTML5, and is interpreted in modern and standards-compliant browsers, as redundant void elements. This is similar to what happens when you attempt to nest <li>, <img> or <input>` albeit for slightly different spec reasons.

HTML5: <p> <p>foo</p> <p>bar</p> </p>
DOM:  <p></p> <p>foo</p> <p>bar</p> <p></p>

Another common way to break this, and why we rarely wrap Message->parse() in paragraphs manually, is when translations or on-wiki overrides introduce a list. In that case you'd have <ul> inside the list.

And lastly, the most common way to break it is on-wiki overrides that use templates to generate <div>, <table> and what not.

Mitigation

The Parser actually always produces block. Akin to Markdown, even a single line of plain text would generate at least a paragraph element. The vast majority of interface messages are used in a context where inline flow is expected, such as link labels, tooltip attribute values, list item values, heading values, etc.

As such, Message::parse() defaults to stripping the single outer paragraph away before returning the value. See the private Message::format() method for how this works.

Fortunately, the solution is quite straight-forward, and this is already what core and 99% of extensions do when rendering a message block — we can call Message::parseAsBlock() instead, which returns the parser output unmodified, as paragraph or as whatever other block(s) the message contains.

Details

SubjectRepoBranchLines +/-
Avoid unsafe wrapping of Message::parse() into paragraphmediawiki/extensions/CentralNoticemaster+2 -4
Avoid unsafe wrapping of Message::parse() into paragraphmediawiki/extensions/DiscussionToolsmaster+5 -5
Avoid unsafe wrapping of Message::parse() into paragraphmediawiki/extensions/Collectionmaster+3 -3
Avoid unsafe wrapping of Message::parse() into paragraphmediawiki/extensions/FileImportermaster+15 -23
Avoid unsafe wrapping of Message::parse() into paragraphmediawiki/extensions/MassMessagemaster+4 -5
Customize query in gerrit

Event Timeline

Krinkle created this task.Nov 2 2022, 12:18 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptNov 2 2022, 12:18 AM
gerritbot added a comment.Nov 2 2022, 12:18 AM

Change 851736 had a related patch set uploaded (by Krinkle; author: Krinkle):

[mediawiki/extensions/Collection@master] Avoid unsafe wrapping of Message::parse() into paragraph

https://gerrit.wikimedia.org/r/851736

gerritbot added a project: Patch-For-Review.Nov 2 2022, 12:18 AM

Change 851737 had a related patch set uploaded (by Krinkle; author: Krinkle):

[mediawiki/extensions/DiscussionTools@master] Avoid unsafe wrapping of Message::parse() into paragraph

https://gerrit.wikimedia.org/r/851737

gerritbot added a comment.Nov 2 2022, 12:21 AM

Change 851738 had a related patch set uploaded (by Krinkle; author: Krinkle):

[mediawiki/extensions/FileImporter@master] Avoid unsafe wrapping of Message::parse() into paragraph

https://gerrit.wikimedia.org/r/851738

gerritbot added a comment.Nov 2 2022, 12:23 AM

Change 851739 had a related patch set uploaded (by Krinkle; author: Krinkle):

[mediawiki/extensions/MassMessage@master] Avoid unsafe wrapping of Message::parse() into paragraph

https://gerrit.wikimedia.org/r/851739

gerritbot added a comment.Nov 2 2022, 12:39 AM

Change 851739 merged by jenkins-bot:

[mediawiki/extensions/MassMessage@master] Avoid unsafe wrapping of Message::parse() into paragraph

https://gerrit.wikimedia.org/r/851739

ReleaseTaggerBot added a project: MW-1.40-notes (1.40.0-wmf.10; 2022-11-14).Nov 2 2022, 1:00 AM
thiemowmde added a project: WMDE-TechWish-Sprint-2022-10-26.Nov 2 2022, 8:34 AM
thiemowmde moved this task from Sprint Backlog to Done on the WMDE-TechWish-Sprint-2022-10-26 board.
gerritbot added a comment.Nov 2 2022, 9:16 AM

Change 851738 merged by jenkins-bot:

[mediawiki/extensions/FileImporter@master] Avoid unsafe wrapping of Message::parse() into paragraph

https://gerrit.wikimedia.org/r/851738

gerritbot added a comment.Nov 2 2022, 9:17 AM

Change 851736 merged by jenkins-bot:

[mediawiki/extensions/Collection@master] Avoid unsafe wrapping of Message::parse() into paragraph

https://gerrit.wikimedia.org/r/851736

Umherirrender renamed this task from Fix rare unafe use of Message::parse() in paragraph wrapper to Fix rare unsafe use of Message::parse() in paragraph wrapper.Nov 2 2022, 10:24 AM
Umherirrender updated the task description. (Show Details)
Daimona subscribed.Nov 2 2022, 3:04 PM

talk about ways to statically detect this if we think it's worthwile (eg. CodeSniffer or Phan).

CodeSniffer is not a static analysis tool, so I would recommend against using it for this purpose. With phan it should be easier, perhaps we could have a custom plugin in mediawiki-phan-config.

gerritbot added a comment.Nov 2 2022, 6:37 PM

Change 851737 merged by jenkins-bot:

[mediawiki/extensions/DiscussionTools@master] Avoid unsafe wrapping of Message::parse() into paragraph

https://gerrit.wikimedia.org/r/851737

Maintenance_bot removed a project: Patch-For-Review.Nov 2 2022, 7:30 PM
gerritbot added a comment.Nov 3 2022, 11:51 PM

Change 853070 had a related patch set uploaded (by Krinkle; author: Krinkle):

[mediawiki/extensions/CentralNotice@master] Avoid unsafe wrapping of Message::parse() into paragraph

https://gerrit.wikimedia.org/r/853070

gerritbot added a project: Patch-For-Review.Nov 3 2022, 11:51 PM
Krinkle added a comment.EditedNov 3 2022, 11:52 PM

Found one more, in CentralNotice. It eluded my prior search as it still uses Xml::tags to build HTML rather than Html::element.

Krinkle triaged this task as Low priority.Nov 4 2022, 2:21 PM
gerritbot added a comment.Nov 4 2022, 2:32 PM

Change 853070 merged by jenkins-bot:

[mediawiki/extensions/CentralNotice@master] Avoid unsafe wrapping of Message::parse() into paragraph

https://gerrit.wikimedia.org/r/853070

Maintenance_bot removed a project: Patch-For-Review.Nov 4 2022, 3:30 PM
Krinkle closed this task as Resolved.Dec 18 2022, 11:46 PM
Krinkle edited projects, added Performance-Team, MediaWiki-General; removed WMDE-TechWish-Sprint-2022-10-26, MW-1.40-notes (1.40.0-wmf.10; 2022-11-14), MediaWiki-Codesniffer, phan, WMF-General-or-Unknown.
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL