Page MenuHomePhabricator
Create Task
Maniphest T407202

hCaptcha VisualEditor: Execute hCaptcha when in invisible mode mode if hCaptcha widget shown before first "Save changes" attempt
Closed, ResolvedPublic3 Estimated Story Points
Actions

Description

Summary

Now that we have displayed hCaptcha in the VisualEditor interface where possible during the first time the user opens the window, we should look to programmatically cause execution of hCaptcha when a user presses "Save changes" to complete the edit

Background

Acceptance criteria

  • When a user opens the VisualEditor "Publish changes" dialog and presses "Publish changes", any invisible hCaptcha widget displayed is executed as long as it was rendered before the first attempt to press "Publish changes" was made

Details

Other Assignee
dom_walden
Related Changes in Gerrit:
SubjectRepoBranchLines +/-
hCaptcha VisualEditor: Render hCaptcha privacy policy in save error handlermediawiki/extensions/ConfirmEditmaster+124 -25
hCaptcha VisualEditor: Mark hCaptcha as invisible if configured somediawiki/extensions/ConfirmEditmaster+28 -5
Execute hCaptcha on VisualEditor form submissionmediawiki/extensions/ConfirmEditmaster+351 -24
hCaptcha VisualEditor: Move rendering to ve.init.mw.HCaptcha.jsmediawiki/extensions/ConfirmEditmaster+55 -29
Add ve.init.mw.ArticleTarget.getSaveOptionsProcessmediawiki/extensions/VisualEditormaster+202 -17
Customize query in gerrit

Related Objects
Search...

Event Timeline

Dreamy_Jazz created this task.Oct 14 2025, 10:39 AM
Dreamy_Jazz added a subtask: T407196: hCaptcha VisualEditor: Render hCaptcha in save changes dialog as soon as this is possible.
Dreamy_Jazz removed a project: Epic.Oct 14 2025, 10:49 AM
Dreamy_Jazz moved this task from Priority backlog to Ready on the Product Safety and Integrity (Sprint Apfel Strudel (Sep 29 - Oct 17)) board.
kostajh changed the task status from Open to Stalled.Oct 14 2025, 11:50 AM
kostajh changed the status of subtask T407196: hCaptcha VisualEditor: Render hCaptcha in save changes dialog as soon as this is possible from Open to Stalled.
Dreamy_Jazz set the point value for this task to 1.Oct 14 2025, 2:10 PM
Dreamy_Jazz added a project: ConfirmEdit (CAPTCHA extension).Oct 17 2025, 10:56 AM
Dreamy_Jazz added a project: OKR-Work.Oct 17 2025, 1:39 PM
OKryva-WMF edited projects, added: Product Safety and Integrity (Sprint Mint Choc Chip Ice Cream (Oct 20 - Nov 7)); removed: Product Safety and Integrity (Sprint Apfel Strudel (Sep 29 - Oct 17)).Oct 20 2025, 2:33 PM
OKryva-WMF moved this task from Backlog to Ready on the Product Safety and Integrity (Sprint Mint Choc Chip Ice Cream (Oct 20 - Nov 7)) board.Oct 20 2025, 2:33 PM
Dreamy_Jazz changed the status of subtask T407196: hCaptcha VisualEditor: Render hCaptcha in save changes dialog as soon as this is possible from Stalled to Open.Oct 21 2025, 6:07 PM
Dreamy_Jazz mentioned this in T406335: hCaptcha VisualEditor plugin: Display hCaptcha before first "Save changes" button press if possible.Oct 23 2025, 3:25 PM
kostajh changed the task status from Stalled to In Progress.Oct 24 2025, 1:15 PM
kostajh claimed this task.
kostajh closed subtask T407196: hCaptcha VisualEditor: Render hCaptcha in save changes dialog as soon as this is possible as Resolved.
kostajh moved this task from Ready to In progress on the Product Safety and Integrity (Sprint Mint Choc Chip Ice Cream (Oct 20 - Nov 7)) board.
kostajh moved this task from Backlog to On hold on the Bot detection and mitigation (WE4.2 hCaptcha editing trial) board.Nov 4 2025, 1:02 PM
kostajh removed kostajh as the assignee of this task.Nov 5 2025, 12:54 PM
kostajh moved this task from In progress to Backlog on the Product Safety and Integrity (Sprint Mint Choc Chip Ice Cream (Oct 20 - Nov 7)) board.
kostajh subscribed.
Dreamy_Jazz claimed this task.Nov 28 2025, 12:52 PM
Dreamy_Jazz updated the task description. (Show Details)
Dreamy_Jazz edited projects, added: Product Safety and Integrity (Crepes au Chocolat (Sprint Nov 10 - Nov 28)); removed: Product Safety and Integrity (Sprint Mint Choc Chip Ice Cream (Oct 20 - Nov 7)).
Dreamy_Jazz moved this task from Backlog to In progress on the Product Safety and Integrity (Crepes au Chocolat (Sprint Nov 10 - Nov 28)) board.Nov 28 2025, 12:55 PM
Dreamy_Jazz changed the point value for this task from 1 to 3.Nov 28 2025, 2:03 PM

After looking over this ticket, it seems to be a much larger ticket than previously expected.

We need a way to able to halt or prevent edit submission in VisualEditor so the hCaptcha can execute. Then we need a way to either continue or restart the edit submission with the hCaptcha token once it has finished. This doesn't appear to be possible with the current VisualEditor hooks, so likely work will be needed in VisualEditor to support this.

Dreamy_Jazz moved this task from In progress to Backlog on the Product Safety and Integrity (Crepes au Chocolat (Sprint Nov 10 - Nov 28)) board.Nov 28 2025, 2:04 PM
OKryva-WMF edited projects, added: Product Safety and Integrity (Sprint Mince Pie Dec 1 - Dec 12); removed: Product Safety and Integrity (Crepes au Chocolat (Sprint Nov 10 - Nov 28)).Dec 1 2025, 9:07 AM
kostajh moved this task from Backlog to Ready on the Product Safety and Integrity (Sprint Mince Pie Dec 1 - Dec 12) board.Dec 2 2025, 12:50 PM
Dreamy_Jazz moved this task from Ready to Backlog on the Product Safety and Integrity (Sprint Mince Pie Dec 1 - Dec 12) board.Dec 2 2025, 12:50 PM
Dreamy_Jazz removed a project: Product Safety and Integrity (Sprint Mince Pie Dec 1 - Dec 12).
kostajh added a subscriber: DLynch.Dec 10 2025, 11:42 AM

Proposal from @DLynch:

If you wanted to just duplicate the current getPreSaveProcess methodology with a getSaveOptionsProcess that’s passed saveOptions to modify, that’d probably be most-fitting

kostajh added a project: Product Safety and Integrity (Sprint Mince Pie Dec 1 - Dec 12).Dec 10 2025, 11:43 AM

Bringing to current sprint to see if we can do this quickly.

kostajh moved this task from Backlog to Ready on the Product Safety and Integrity (Sprint Mince Pie Dec 1 - Dec 12) board.Dec 10 2025, 12:50 PM
Dreamy_Jazz moved this task from Ready to In progress on the Product Safety and Integrity (Sprint Mince Pie Dec 1 - Dec 12) board.Dec 10 2025, 6:06 PM
gerritbot added a comment.Dec 10 2025, 7:11 PM

Change #1217263 had a related patch set uploaded (by Dreamy Jazz; author: Dreamy Jazz):

[mediawiki/extensions/VisualEditor@master] [WIP] Add ve.init.mw.ArticleTarget.getSaveOptionsProcess

https://gerrit.wikimedia.org/r/1217263

gerritbot added a project: Patch-For-Review.Dec 10 2025, 7:11 PM
gerritbot added a comment.Dec 11 2025, 10:51 AM

Change #1217479 had a related patch set uploaded (by Dreamy Jazz; author: Dreamy Jazz):

[mediawiki/extensions/ConfirmEdit@master] [Very WIP] Execute hCaptcha on VisualEditor form submission

https://gerrit.wikimedia.org/r/1217479

Dreamy_Jazz moved this task from In progress to Needs review on the Product Safety and Integrity (Sprint Mince Pie Dec 1 - Dec 12) board.Dec 15 2025, 10:50 AM

(first patch is awaiting review and the second is having some details discussed internally)

OKryva-WMF edited projects, added: Product Safety and Integrity (Sprint Daffodil (Jan 19 - Feb 6)); removed: Product Safety and Integrity (Sprint Mince Pie Dec 1 - Dec 12).Dec 19 2025, 9:22 AM
OKryva-WMF moved this task from Backlog to Needs review on the Product Safety and Integrity (Sprint Daffodil (Jan 19 - Feb 6)) board.
kostajh created subtask T413354: Decide: Should the hCaptcha challenge appear in a new panel in the publish dialog?.Dec 22 2025, 11:25 AM
gerritbot added a comment.Jan 9 2026, 6:00 PM

Change #1217263 merged by jenkins-bot:

[mediawiki/extensions/VisualEditor@master] Add ve.init.mw.ArticleTarget.getSaveOptionsProcess

https://gerrit.wikimedia.org/r/1217263

OKryva-WMF removed a project: Product Safety and Integrity (Sprint Daffodil (Jan 19 - Feb 6)).Jan 19 2026, 4:21 PM
Chlod mentioned this in T416818: VisualEditor gives "Something went wrong" warning when edit summary reminders are enabled.Feb 9 2026, 10:23 AM
kostajh moved this task from On hold to Ready on the Bot detection and mitigation (WE4.2 hCaptcha editing trial) board.Mar 30 2026, 12:58 PM
kostajh added a project: Product Safety and Integrity (Sprint Forsythia (Mar 23 - Apr 10))).
Dreamy_Jazz moved this task from Backlog to Ready on the Product Safety and Integrity (Sprint Forsythia (Mar 23 - Apr 10))) board.Apr 1 2026, 10:28 AM
Dreamy_Jazz moved this task from Ready to In progress on the Product Safety and Integrity (Sprint Forsythia (Mar 23 - Apr 10))) board.Apr 1 2026, 10:27 PM
Dreamy_Jazz moved this task from In progress to Needs review on the Product Safety and Integrity (Sprint Forsythia (Mar 23 - Apr 10))) board.Apr 3 2026, 12:10 AM
gerritbot added a comment.Apr 7 2026, 9:29 PM

Change #1268667 had a related patch set uploaded (by Dreamy Jazz; author: Dreamy Jazz):

[mediawiki/extensions/ConfirmEdit@master] hCaptcha VisualEditor: Move rendering to ve.init.mw.HCaptcha.js

https://gerrit.wikimedia.org/r/1268667

gerritbot added a comment.Apr 7 2026, 9:41 PM

Change #1268670 had a related patch set uploaded (by Dreamy Jazz; author: Dreamy Jazz):

[mediawiki/extensions/ConfirmEdit@master] hCaptcha VisualEditor: Render hCaptcha privacy policy in save error handler

https://gerrit.wikimedia.org/r/1268670

Dreamy_Jazz closed subtask T413354: Decide: Should the hCaptcha challenge appear in a new panel in the publish dialog? as Resolved.Apr 8 2026, 9:57 AM
gerritbot added a comment.Apr 8 2026, 11:21 AM

Change #1268667 merged by jenkins-bot:

[mediawiki/extensions/ConfirmEdit@master] hCaptcha VisualEditor: Move rendering to ve.init.mw.HCaptcha.js

https://gerrit.wikimedia.org/r/1268667

gerritbot added a comment.Apr 8 2026, 11:40 AM

Change #1268925 had a related patch set uploaded (by Dreamy Jazz; author: Dreamy Jazz):

[mediawiki/extensions/ConfirmEdit@master] hCaptcha VisualEditor: Mark hCaptcha as invisible if configured so

https://gerrit.wikimedia.org/r/1268925

ReleaseTaggerBot added a project: MW-1.46-notes (1.46.0-wmf.24; 2026-04-14).Apr 8 2026, 12:00 PM
Dreamy_Jazz updated the task description. (Show Details)Apr 8 2026, 12:47 PM
Dreamy_Jazz mentioned this in T406364: hCaptcha VisualEditor: Fix execution for captcha error handler when in invisible mode / secure enclave mode.Apr 8 2026, 1:22 PM
gerritbot added a comment.Apr 8 2026, 1:51 PM

Change #1268670 merged by jenkins-bot:

[mediawiki/extensions/ConfirmEdit@master] hCaptcha VisualEditor: Render hCaptcha privacy policy in save error handler

https://gerrit.wikimedia.org/r/1268670

gerritbot added a comment.Apr 10 2026, 10:27 AM

Change #1217479 merged by jenkins-bot:

[mediawiki/extensions/ConfirmEdit@master] Execute hCaptcha on VisualEditor form submission

https://gerrit.wikimedia.org/r/1217479

gerritbot added a comment.Apr 10 2026, 10:27 AM

Change #1268925 merged by jenkins-bot:

[mediawiki/extensions/ConfirmEdit@master] hCaptcha VisualEditor: Mark hCaptcha as invisible if configured so

https://gerrit.wikimedia.org/r/1268925

Maintenance_bot removed a project: Patch-For-Review.Apr 10 2026, 10:30 AM
Dreamy_Jazz moved this task from Needs review to Needs QA on the Product Safety and Integrity (Sprint Forsythia (Mar 23 - Apr 10))) board.Apr 10 2026, 2:07 PM
OKryva-WMF edited projects, added: Product Safety and Integrity (Sprint Tulip (Apr 13 - May 1)); removed: Product Safety and Integrity (Sprint Forsythia (Mar 23 - Apr 10))).Apr 14 2026, 7:28 AM
OKryva-WMF moved this task from Backlog to QA in Prod on the Product Safety and Integrity (Sprint Tulip (Apr 13 - May 1)) board.Apr 14 2026, 7:28 AM
OKryva-WMF moved this task from Ready to QA on the Bot detection and mitigation (WE4.2 hCaptcha editing trial) board.Apr 14 2026, 7:46 AM
dom_walden updated Other Assignee, added: dom_walden.Apr 20 2026, 12:54 PM
dom_walden subscribed.Apr 30 2026, 10:17 AM

I don't fully understand this change. However, I have certainly seen the hCaptcha loading both on initial click of "Publish changes" and on the second click (after you have seen the "Please resubmit..." message). @Dreamy_Jazz Is there anything else?

OKryva-WMF edited projects, added: Product Safety and Integrity (Sprint lily-of-the-valley (May 4 - May 22)); removed: Product Safety and Integrity (Sprint Tulip (Apr 13 - May 1)).May 1 2026, 7:42 AM
OKryva-WMF moved this task from Backlog to QA in Prod on the Product Safety and Integrity (Sprint lily-of-the-valley (May 4 - May 22)) board.May 1 2026, 7:43 AM
Dreamy_Jazz closed this task as Resolved.May 11 2026, 2:11 PM
Dreamy_Jazz updated the task description. (Show Details)
Dreamy_Jazz moved this task from QA to Done on the Bot detection and mitigation (WE4.2 hCaptcha editing trial) board.
In T407202#11874567, @dom_walden wrote:

I don't fully understand this change. However, I have certainly seen the hCaptcha loading both on initial click of "Publish changes" and on the second click (after you have seen the "Please resubmit..." message). @Dreamy_Jazz Is there anything else?

This task was for the "hCaptcha loading both on initial click of "Publish changes"", so going to take this is done for QA

Dreamy_Jazz moved this task from QA in Prod to Done on the Product Safety and Integrity (Sprint lily-of-the-valley (May 4 - May 22)) board.May 11 2026, 2:13 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits