Page MenuHomePhabricator
Create Task
Maniphest T360258

Previewing global.js with "<script>" returns MediaWiki internal error "DomainException"
Closed, ResolvedPublicBUG REPORT
Actions

Description

Steps to replicate the issue:

What happens?:

MediaWiki internal error.

Original exception: [b3766e42-894a-44bc-bf04-31f11b3d6c8d] 2024-03-17 10:36:39: Fatal exception of type "DomainException"

What should have happened instead?:
The preview is shown.

Other information:
The error seems to occur as long as the page is a valid JS and '<script>' or "<script>" is included anywhere in someone's User/global.js script. Edit diff and saving edit works fine. You can even edit the saved global.js with '<script>' or "<script>", even if "Show preview when starting to edit" is on (but preview fails).

Note that the bug does not affect User/common.js, only the global.js powered by the GlobalCssJs extension is affected. This is because the User/common.js feature in core still uses "eval" and thus transports code as an escaped string. The GlobalCssJs extension uses modern module scope, and thus is subject to the Html.php restriction.

Error
normalized_message
[{reqId}] {exception_url}   DomainException: Prefix must match value
exception.trace
from /srv/mediawiki/php-1.42.0-wmf.22/vendor/wikimedia/wrappedstring/src/WrappedString.php(49)
#0 /srv/mediawiki/php-1.42.0-wmf.22/includes/ResourceLoader/ResourceLoader.php(1795): Wikimedia\WrappedString->__construct(string, string, string)
#1 /srv/mediawiki/php-1.42.0-wmf.22/includes/ResourceLoader/ClientHtml.php(478): MediaWiki\ResourceLoader\ResourceLoader::makeInlineScript(string)
#2 /srv/mediawiki/php-1.42.0-wmf.22/includes/ResourceLoader/ClientHtml.php(396): MediaWiki\ResourceLoader\ClientHtml::makeLoad(MediaWiki\ResourceLoader\DerivativeContext, array, string, array)
#3 /srv/mediawiki/php-1.42.0-wmf.22/includes/ResourceLoader/ClientHtml.php(335): MediaWiki\ResourceLoader\ClientHtml->getLoad(array, string)
#4 /srv/mediawiki/php-1.42.0-wmf.22/includes/Output/OutputPage.php(3567): MediaWiki\ResourceLoader\ClientHtml->getHeadHtml(string)
#5 /srv/mediawiki/php-1.42.0-wmf.22/includes/skins/SkinMustache.php(98): MediaWiki\Output\OutputPage->headElement(MediaWiki\Skins\Vector\SkinVectorLegacy)
#6 /srv/mediawiki/php-1.42.0-wmf.22/includes/skins/SkinTemplate.php(176): SkinMustache->generateHTML()
#7 /srv/mediawiki/php-1.42.0-wmf.22/includes/Output/OutputPage.php(3004): SkinTemplate->outputPage()
#8 /srv/mediawiki/php-1.42.0-wmf.22/includes/actions/ActionEntryPoint.php(162): MediaWiki\Output\OutputPage->output(boolean)
#9 /srv/mediawiki/php-1.42.0-wmf.22/includes/MediaWikiEntryPoint.php(199): MediaWiki\Actions\ActionEntryPoint->execute()
#10 /srv/mediawiki/php-1.42.0-wmf.22/index.php(58): MediaWiki\MediaWikiEntryPoint->run()
#11 /srv/mediawiki/w/index.php(3): require(string)
#12 {main}
normalized_message
[{reqId}] {exception_url}   PHP Warning: MediaWiki\Html\Html::inlineScript: Illegal character sequence found in inline script. [Called from MediaWiki\Html\Html::inlineScript in /srv/mediawiki/php-1.42.0-wmf.22/includes/Html/Html.php at line 579]
exception.trace
from /srv/mediawiki/php-1.42.0-wmf.22/includes/debug/MWDebug.php(492)
#0 [internal function]: MWExceptionHandler::handleError(integer, string, string, integer, array)
#1 /srv/mediawiki/php-1.42.0-wmf.22/includes/debug/MWDebug.php(492): trigger_error(string, integer)
#2 /srv/mediawiki/php-1.42.0-wmf.22/includes/debug/MWDebug.php(203): MWDebug::sendMessage(string, string, integer)
#3 /srv/mediawiki/php-1.42.0-wmf.22/includes/GlobalFunctions.php(825): MWDebug::warning(string, integer, integer, string)
#4 /srv/mediawiki/php-1.42.0-wmf.22/includes/Html/Html.php(579): wfLogWarning(string)
#5 /srv/mediawiki/php-1.42.0-wmf.22/includes/ResourceLoader/ResourceLoader.php(1793): MediaWiki\Html\Html::inlineScript(string)
#6 /srv/mediawiki/php-1.42.0-wmf.22/includes/ResourceLoader/ClientHtml.php(478): MediaWiki\ResourceLoader\ResourceLoader::makeInlineScript(string)
#7 /srv/mediawiki/php-1.42.0-wmf.22/includes/ResourceLoader/ClientHtml.php(396): MediaWiki\ResourceLoader\ClientHtml::makeLoad(MediaWiki\ResourceLoader\DerivativeContext, array, string, array)
#8 /srv/mediawiki/php-1.42.0-wmf.22/includes/ResourceLoader/ClientHtml.php(335): MediaWiki\ResourceLoader\ClientHtml->getLoad(array, string)
#9 /srv/mediawiki/php-1.42.0-wmf.22/includes/Output/OutputPage.php(3567): MediaWiki\ResourceLoader\ClientHtml->getHeadHtml(string)
#10 /srv/mediawiki/php-1.42.0-wmf.22/includes/skins/SkinMustache.php(98): MediaWiki\Output\OutputPage->headElement(MediaWiki\Skins\Vector\SkinVectorLegacy)
#11 /srv/mediawiki/php-1.42.0-wmf.22/includes/skins/SkinTemplate.php(176): SkinMustache->generateHTML()
#12 /srv/mediawiki/php-1.42.0-wmf.22/includes/Output/OutputPage.php(3004): SkinTemplate->outputPage()
#13 /srv/mediawiki/php-1.42.0-wmf.22/includes/exception/MWExceptionRenderer.php(189): MediaWiki\Output\OutputPage->output()
#14 /srv/mediawiki/php-1.42.0-wmf.22/includes/exception/MWExceptionRenderer.php(106): MWExceptionRenderer::reportHTML(DomainException)
#15 /srv/mediawiki/php-1.42.0-wmf.22/includes/exception/MWExceptionHandler.php(133): MWExceptionRenderer::output(DomainException, integer)
#16 /srv/mediawiki/php-1.42.0-wmf.22/includes/exception/MWExceptionHandler.php(237): MWExceptionHandler::report(DomainException)
#17 /srv/mediawiki/php-1.42.0-wmf.22/includes/MediaWikiEntryPoint.php(220): MWExceptionHandler::handleException(DomainException, string)
#18 /srv/mediawiki/php-1.42.0-wmf.22/includes/actions/ActionEntryPoint.php(82): MediaWiki\MediaWikiEntryPoint->handleTopLevelError(DomainException)
#19 /srv/mediawiki/php-1.42.0-wmf.22/includes/MediaWikiEntryPoint.php(204): MediaWiki\Actions\ActionEntryPoint->handleTopLevelError(DomainException)
#20 /srv/mediawiki/php-1.42.0-wmf.22/index.php(58): MediaWiki\MediaWikiEntryPoint->run()
#21 /srv/mediawiki/w/index.php(3): require(string)
#22 {main}

Details

SubjectRepoBranchLines +/-
OutputPage: Use the same script tag pattern as Html::inlineScript()mediawiki/coremaster+4 -4
Customize query in gerrit

Related Objects

Event Timeline

Nardog created this task.Mar 17 2024, 10:47 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptMar 17 2024, 10:47 AM
Nardog updated the task description. (Show Details)Mar 17 2024, 10:47 AM
Nardog updated the task description. (Show Details)Mar 17 2024, 10:50 AM
Ammarpad updated the task description. (Show Details)Mar 17 2024, 12:25 PM
Ammarpad updated the task description. (Show Details)Mar 17 2024, 4:34 PM
thcipriani added a project: Web-Team-Backlog.Mar 21 2024, 3:22 PM
thcipriani moved this task from Untriaged to Mar 2024 on the Wikimedia-production-error board.
ovasileva removed a project: Web-Team-Backlog.Mar 21 2024, 3:43 PM
ovasileva added subscribers: thcipriani, ovasileva.

@thcipriani - this isn't maintained by the web team so untagging. Unsure of what to properly tag this with, seems like there's no current maintainer (https://www.mediawiki.org/wiki/Developers/Maintainers)

thcipriani added a project: Unstewarded-production-error.Mar 21 2024, 4:21 PM
In T360258#9650080, @ovasileva wrote:

@thcipriani - this isn't maintained by the web team so untagging. Unsure of what to properly tag this with, seems like there's no current maintainer (https://www.mediawiki.org/wiki/Developers/Maintainers)

Thanks for the quick response, sorry for the noise—overly-fast triaging on my part.

Unmaintained production errors are tagged with Unstewarded-production-error so we can at least keep track of the problems affecting prod that have no official maintainer (which is true of GlobalCssJs)

Nardog added a comment.Mar 22 2024, 3:52 AM

What about Editing-team? GlobalCssJs may have no maintainer but preview certainly does, no?

Func subscribed.May 11 2024, 5:59 PM

Related: T200506

gerritbot added a comment.May 11 2024, 6:17 PM

Change #1030546 had a related patch set uploaded (by Func; author: Func):

[mediawiki/core@master] OutputPage: Use the same pattern to test for script tags in JS preview

https://gerrit.wikimedia.org/r/1030546

gerritbot added a project: Patch-For-Review.May 11 2024, 6:17 PM
Krinkle edited projects, added MediaWiki-ResourceLoader; removed MediaWiki-Page-editing.May 13 2024, 12:18 PM
Restricted Application added a project: MediaWiki-Platform-Team. · View Herald TranscriptMay 13 2024, 12:18 PM
Krinkle claimed this task.May 13 2024, 12:18 PM
Krinkle triaged this task as High priority.
Krinkle removed a project: Unstewarded-production-error.
Krinkle moved this task from Inbox to Confirmed Problem on the MediaWiki-ResourceLoader board.

Thanks for the patch!

DAlangi_WMF moved this task from Inbox, needs triage to Current Sprint on the MediaWiki-Platform-Team board.May 13 2024, 12:21 PM
gerritbot added a comment.May 13 2024, 12:41 PM

Change #1030546 merged by jenkins-bot:

[mediawiki/core@master] OutputPage: Use the same script tag pattern as Html::inlineScript()

https://gerrit.wikimedia.org/r/1030546

ReleaseTaggerBot added a project: MW-1.43-notes (1.43.0-wmf.5; 2024-05-14).May 13 2024, 1:00 PM
Maintenance_bot removed a project: Patch-For-Review.May 13 2024, 1:31 PM
Krinkle closed this task as Resolved.May 13 2024, 2:19 PM
Krinkle updated the task description. (Show Details)
Func merged a task: T355887: PHP Warning: MediaWiki\Html\Html::inlineScript: Illegal character sequence found in inline script. [Called from MediaWiki\Html\Html::inlineScript in /srv/mediawiki/php-1.42.0-wmf.15/includes/Html/Html.php at line 626].May 15 2024, 2:59 PM
Func added a subscriber: hashar.
hashar unsubscribed.May 17 2024, 8:03 AM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits