Page MenuHomePhabricator
Create Task
Maniphest T382858

[Regression] Copying references between VE instances does not work
Closed, ResolvedPublicBUG REPORT
Actions

Description

Steps to replicate the issue (include links if applicable):

What should have happened instead?: copy-pasting references should work, even when copying reused references.

This is a regression, it used to work a few months ago.

Other information (browser name/version, screenshots, etc.):
Latest FF on Windows 10

Details

Related Changes in Gerrit:
SubjectRepoBranchLines +/-
Ensure data-mw attribute isn't removed by DOMPurify on pastemediawiki/extensions/Citemaster+11 -1
Clipboard: escape certain sequences to avoid DOMPurify removing data-mwVisualEditor/VisualEditormaster+26 -0
Customize query in gerrit

Related Objects

Event Timeline

Strainu created this task.Jan 1 2025, 5:45 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJan 1 2025, 5:45 PM
matmarex added projects: Cite, VisualEditor-MediaWiki-References, VisualEditor-CopyPaste, Regression.Jan 1 2025, 10:19 PM
matmarex subscribed.Jan 1 2025, 10:30 PM

I can reproduce locally. This seems to happen when the reference uses a citation template, but not when it uses plain text, and regardless of whether or not it is reused.

I bisected it – it's caused by rEVED4bc814f1a055: Update VE core submodule to master (bae9101b7), which contains several changes to copy/paste code.

Esanders added a project: Editing-team.Feb 4 2025, 10:26 AM
Esanders moved this task from To Triage to Triaged on the VisualEditor board.
Esanders edited projects, added Editing-team (Kanban Board); removed Editing-team.
zoe subscribed.Mar 6 2025, 5:01 PM

I've pulled out the functions that were relocated and diffed them separately here: https://phabricator.wikimedia.org/P74141

zoe added a comment.Mar 13 2025, 4:05 PM

This bug is caused by a change to DOMPurify: https://github.com/cure53/DOMPurify/commit/ae517d6fb004b29421ae57a00432cfd463805622

/* Work around a security issue with comments inside attributes */
if (SAFE_FOR_XML && regExpTest(/((--!?|])>)|<\/(style|title)/i, value)) {
  _removeAttribute(name, currentNode);
  continue;
}

When we copy from VE inside Romanian wikipedia, we get a ref node wrapping a format node. When we pick up the format node it comes along with a <style> element, and the closing tag gets caught by this sanitiser match, which duly removes the entire data-mw attribute while pasting. This leaves us with an element which has a type indicating that it's a ref, but no data to place within it. That's why the bug only appears on certain wikipedias, and why it only happens when a ref contains another node.

We've a few options from here:

  • Add a DOMPurify hook that specifically allows mw-data
  • Fudge the copying code to escape </style> somehow
  • Fudge the pasting code to escape </style> somehow
  • Avoid copying <style/> tags entirely
matmarex added a comment.Mar 14 2025, 6:13 PM

DOMPurify changes caused a similar problem some time ago: T279215#8525105 and that time, they resolved it after we reported it.

Or maybe you could turn off the SAFE_FOR_XML option, it was added alongside that change, and it may not be needed for VE. I haven't tried to understand what exactly it does.

gerritbot added a comment.Mar 17 2025, 4:53 PM

Change #1128474 had a related patch set uploaded (by Zoe; author: Zoe):

[VisualEditor/VisualEditor@master] Clipboard: escape certain sequences to avoid DOMPurify removing data-mw

https://gerrit.wikimedia.org/r/1128474

gerritbot added a project: Patch-For-Review.Mar 17 2025, 4:53 PM
gerritbot added a comment.Mar 18 2025, 9:49 AM

Change #1128474 abandoned by Zoe:

[VisualEditor/VisualEditor@master] Clipboard: escape certain sequences to avoid DOMPurify removing data-mw

Reason:

Ed pointed out this should be in the MW parts of the codebase as it's MW-specific.

https://gerrit.wikimedia.org/r/1128474

Maintenance_bot removed a project: Patch-For-Review.Mar 18 2025, 10:31 AM
zoe claimed this task.Mar 19 2025, 5:20 PM
gerritbot added a comment.Mar 20 2025, 3:09 PM

Change #1129852 had a related patch set uploaded (by Zoe; author: Zoe):

[mediawiki/extensions/Cite@master] Ensure data-mw attribute isn't removed by DOMPurify on paste

https://gerrit.wikimedia.org/r/1129852

gerritbot added a project: Patch-For-Review.Mar 20 2025, 3:09 PM
zoe removed a project: Patch-For-Review.Mar 25 2025, 1:30 PM
zoe added a project: Patch-For-Review.
gerritbot added a comment.Mar 27 2025, 3:08 PM

Change #1129852 merged by jenkins-bot:

[mediawiki/extensions/Cite@master] Ensure data-mw attribute isn't removed by DOMPurify on paste

https://gerrit.wikimedia.org/r/1129852

ReleaseTaggerBot added a project: MW-1.44-notes (1.44.0-wmf.23; 2025-04-01).Mar 27 2025, 4:00 PM
matmarex moved this task from Inbox to QA on the Editing-team (Kanban Board) board.Mar 29 2025, 11:47 AM
matmarex added a project: Editing QA.
EAkinloose edited projects, added Verified; removed Editing QA.Apr 3 2025, 4:33 PM
EAkinloose moved this task from QA to Ready for Sign Off on the Editing-team (Kanban Board) board.
VPuffetMichel closed this task as Resolved.Apr 26 2025, 3:39 PM
VPuffetMichel edited projects, added Essential-Work; removed Verified, MW-1.44-notes (1.44.0-wmf.23; 2025-04-01), Patch-For-Review, Editing-team (Kanban Board), Regression, VisualEditor-CopyPaste, VisualEditor-MediaWiki-References, Cite, VisualEditor.
Aklapper added projects: Verified, MW-1.44-notes (1.44.0-wmf.23; 2025-04-01), Editing-team (Kanban Board), Regression, VisualEditor-CopyPaste, VisualEditor-MediaWiki-References, Cite, VisualEditor.May 1 2025, 9:50 AM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits