Page MenuHomePhabricator
Create Task
Maniphest T378159

"Summary of your vote" does not render HTML
Closed, ResolvedPublicBUG REPORT
Actions

Description

Discovered in T371454: Use SecurePoll for enwiki's admin election (Fri Oct 25, 2024 - Thu Oct 31, 2024)

Steps to replicate the issue (include links if applicable):

  • LocalSettings.php config:
wfLoadExtension( 'SecurePoll' );
$wgGroupPermissions['sysop']['securepoll-create-poll'] = true;
$wgGroupPermissions['electionadmin'] = [];
$wgSecurePollSingleTransferableVoteEnabled = true;
  • Visit http://localhost:8080/wiki/Special:SecurePoll/create
  • Create an election of poll type "Range voting (histogram range)"
  • For the option text, add [[w:en:Wikipedia:Administrator_elections/October_2024/Candidates/Queen of Hearts|Queen of Hearts]]
  • Wait for the election to open
  • Go vote

What happens?:

  • On the form submitted page, you see raw HTML in the "Summary of your vote" section

image.png (1×2 px, 359 KB)

What should have happened instead?:

  • HTML is rendered

Software version (on Special:Version page; skip for WMF-hosted wikis like Wikipedia):

Other information (browser name/version, screenshots, etc.):

  • Might be an easy one. May just need to switch from using a <pre> tag to a <div style="color: gray;"> or something.

Details

SubjectRepoBranchLines +/-
votepage: Fix display of vote summary (2)mediawiki/extensions/SecurePollmaster+1 -1
votepage: Fix display of vote summarymediawiki/extensions/SecurePollmaster+8 -8
Customize query in gerrit

Related Objects

Event Timeline

Novem_Linguae created this task.Oct 25 2024, 12:34 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptOct 25 2024, 12:34 AM
HouseBlaster subscribed.Oct 25 2024, 12:46 AM
ClydeFranklin subscribed.Oct 25 2024, 1:18 AM
DreamRimmer subscribed.Oct 25 2024, 2:02 AM
Thryduulf subscribed.Oct 25 2024, 1:12 PM
Zippybonzo subscribed.Oct 25 2024, 1:18 PM
A_smart_kitten subscribed.Oct 25 2024, 8:57 PM
jrbs subscribed.Oct 25 2024, 9:35 PM

I'm not great with PHP, but would using Html::rawElement instead of Html::element in includes/Pages/VotePage.php resolve this issue? Seems to work on my local install.

Ammarpad subscribed.Oct 26 2024, 11:08 AM

Add a candidate named <a href="http://test.com">Candidate Name</a>

Do this actually worked this way in your test or you assume it would?

I belive the option text does not accept html. It only accepts text which is parsed as wikitext and produces the error you show above.

Pppery added a comment.Oct 26 2024, 3:40 PM

Indeed, they're specified as wikitext at https://vote.wikimedia.org/wiki/SecurePoll:1691/msg/en. But it's still a bug that it's being parsed and then escaped.

Ammarpad added a comment.Oct 26 2024, 3:52 PM

I know and I want to fix that. But because I cannot produce what's displayed here with the exact steps he gave, I wanted to get clarification to the question I asked before proceeding.

Novem_Linguae updated the task description. (Show Details)Oct 26 2024, 6:57 PM
Novem_Linguae added a comment.Oct 26 2024, 6:59 PM
In T378159#10264637, @Ammarpad wrote:

Add a candidate named <a href="http://test.com">Candidate Name</a>

Do this actually worked this way in your test or you assume it would?

I belive the option text does not accept html. It only accepts text which is parsed as wikitext and produces the error you show above.

I meant to use a wikilink. Thanks for checking. Ticket updated.

I could not confirm in my localhost due to T378268: histogram range vote: putting invalid min or max should be caught during form validation and T378269: Fatal error: Cannot declare class ParserOptions. SecurePoll seems to be very fragile and throw exceptions if a noobie like me misconfigures a poll. But hopefully enough information is now conveyed so that this ticket makes sense.

Ammarpad claimed this task.Sun, Oct 27, 9:08 AM
gerritbot added a comment.Sun, Oct 27, 9:52 AM

Change #1083396 had a related patch set uploaded (by Ammarpad; author: Ammarpad):

[mediawiki/extensions/SecurePoll@master] votepage: Fix display of vote summary

https://gerrit.wikimedia.org/r/1083396

gerritbot added a project: Patch-For-Review.Sun, Oct 27, 9:52 AM
gerritbot added a comment.Tue, Oct 29, 9:27 AM

Change #1083396 merged by jenkins-bot:

[mediawiki/extensions/SecurePoll@master] votepage: Fix display of vote summary

https://gerrit.wikimedia.org/r/1083396

Novem_Linguae closed this task as Resolved.Tue, Oct 29, 9:28 AM
Maintenance_bot removed a project: Patch-For-Review.Tue, Oct 29, 9:30 AM
A_smart_kitten added a comment.Tue, Oct 29, 9:45 AM

Might be a very minor thing, but is it worth backporting this fix for the benefit of people yet to vote in the enwiki admin elections?

ReleaseTaggerBot added a project: MW-1.44-notes (1.44.0-wmf.2; 2024-11-05).Tue, Oct 29, 10:00 AM
gerritbot added a comment.Tue, Nov 19, 8:03 AM

Change #1092742 had a related patch set uploaded (by Ammarpad; author: Ammarpad):

[mediawiki/extensions/SecurePoll@master] votepage: Fix display of vote summary (2)

https://gerrit.wikimedia.org/r/1092742

gerritbot added a project: Patch-For-Review.Tue, Nov 19, 8:03 AM
gerritbot added a comment.Tue, Nov 19, 9:36 AM

Change #1092742 merged by jenkins-bot:

[mediawiki/extensions/SecurePoll@master] votepage: Fix display of vote summary (2)

https://gerrit.wikimedia.org/r/1092742

ReleaseTaggerBot edited projects, added MW-1.44-notes (1.44.0-wmf.5; 2024-11-25); removed MW-1.44-notes (1.44.0-wmf.2; 2024-11-05).Tue, Nov 19, 10:00 AM
Maintenance_bot removed a project: Patch-For-Review.Tue, Nov 19, 10:30 AM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits