Page MenuHomePhabricator

Application Security Review Request : Vector 2022
Open, Needs TriagePublic

Description

Project Information

 13:19:55 jan@wmf2204 ~/Gerrit/mediawiki/core/skins/Vector/resources:
 $ scc skins.vector.es6 skins.vector.js
───────────────────────────────────────────────────────────────────────────────
Language                 Files     Lines   Blanks  Comments     Code Complexity
───────────────────────────────────────────────────────────────────────────────
JavaScript                  21      3199      314      1170     1715        268
JSON                         3        14        0         0       14          0
SVG                          2         2        0         0        2          0
LESS                         1        31        4        10       17          0
───────────────────────────────────────────────────────────────────────────────
Total                       27      3246      318      1180     1748        268
───────────────────────────────────────────────────────────────────────────────
Estimated Cost to Develop (organic) $48,558
Estimated Schedule Effort (organic) 4.36 months
Estimated People Required (organic) 0.99
───────────────────────────────────────────────────────────────────────────────
Processed 100621 bytes, 0.101 megabytes (SI)
───────────────────────────────────────────────────────────────────────────────

Description of the tool/project: The Vector 2022 skin is an update of the Vector skin (initially created in 2010).
Notable features include:

  • Typeahead search with thumbnails
  • Sticky header featuring page title, search and user menu (currently for logged in users only)
  • Sticky & pinnable table of contents (can be placed in sidebar or near page title)
  • Pinnable main menu (hidden via hamburger icon, ability to pin the menu to sidebar)
  • Page Tools menu (on right-hand sidebar, also pinnable)

Description of how the tool will be used at WMF:
This skin aims to become the default skin for all Wikimedia projects.

Dependencies

  • Typehead search provided by Codex component.

No other dependencies, just vanilla JS.

Has this project been reviewed before?

  • The Codex typeahead search component has already been reviewed.

https://phabricator.wikimedia.org/T257579
https://phabricator.wikimedia.org/T302772

Working test environment

  • Install the Vector skin
  • Set $wgDefaultSkin = 'vector-2022'; in localSetting.php or use the useskin=vector-2022 url param.
  • Enable the Page Tools feature
$wgVectorPageTools = [
	"logged_in" => true,
	"logged_out" => true
];

or use the url param vectorpagetools=1

  • log in & scroll down an article page to see the sticky header feature.
  • proxy search results from enwiki (in localSettings) $wgVectorSearchHost = 'en.wikipedia.org';

Post-deployment
The Web Team is responsible for this skin and bugs can be filed with the Readers-Web-Backlog tag.

Details

Risk Rating
Low