hCaptcha VisualEditor: Execute hCaptcha when in invisible mode mode if hCaptcha widget shown before first "Save changes" attempt
Open, In Progress, Needs TriagePublic3 Estimated Story Points
Actions

Description

Summary

Now that we have displayed hCaptcha in the VisualEditor interface where possible during the first time the user opens the window, we should look to programmatically cause execution of hCaptcha when a user presses "Save changes" to complete the edit

Background

In T407196: hCaptcha VisualEditor: Render hCaptcha in save changes dialog as soon as this is possible, we updated the VisualEditor captcha handling to make it possible to display the hCaptcha widget earlier in the editing workflow process (in specific circumstances)
- When both in those specific circumstances are met and hCaptcha is in invisible mode, we should execute hCaptcha on behalf of the user if they press "Save changes"
  - This emulates the behaviour of the existing hCaptcha secure enclave handling in the wikitext editor, as execution is triggered when the user submits their edit
We should not programmatically execute hCaptcha when any of the following apply:
- The hCaptcha widget was shown only after the user first attempted to save their edit - This will be handled in T406364: hCaptcha VisualEditor: Fix execution for captcha error handler when in invisible mode / secure enclave mode and needs Design input
- hCaptcha is not in invisible mode (though arguably we could do this to save the user a click)

Technical notes

TBD

Acceptance criteria

When a user opens the VisualEditor "Publish changes" dialog and presses "Publish changes", any invisible hCaptcha widget displayed is executed as long as it was rendered before the first attempt to press "Publish changes" was made

Details

Related Changes in Gerrit:

	Subject	Repo	Branch	Lines +/-
	[Very WIP] Execute hCaptcha on VisualEditor form submission	mediawiki/extensions/ConfirmEdit	master	+43 -1
	Add ve.init.mw.ArticleTarget.getSaveOptionsProcess	mediawiki/extensions/VisualEditor	master	+202 -17

Customize query in gerrit

Related Objects
Search...

Status	Assigned	Task
Open	None	T406335 hCaptcha VisualEditor plugin: Display hCaptcha before first "Save changes" button press if possible
In Progress	Dreamy_Jazz	T407202 hCaptcha VisualEditor: Execute hCaptcha when in invisible mode mode if hCaptcha widget shown before first "Save changes" attempt
Resolved	Dreamy_Jazz	T407196 hCaptcha VisualEditor: Render hCaptcha in save changes dialog as soon as this is possible
Resolved	Dreamy_Jazz	T407146 hCaptcha VisualEditor: Load hCaptcha secure-api.js when user interacts with edit form
Resolved	Dreamy_Jazz	T407209 hCaptcha: Debounce loading of hCaptcha SDK to ensure it happens at most once per request
Resolved	Dreamy_Jazz	T407377 hCaptcha: Create front-end JS configuration variable that indicates whether an edit to the given page would require hCaptcha completion
Resolved	Dreamy_Jazz	T407390 VisualEditor: Create a service to determine if a given page has VisualEditor available
Declined	hector.arroyo	T407428 MobileFrontend: Make it possible to read the value of wgMFIsSupportedEditRequest in PHP
Open	ppelberg	T413354 Decide: Should the hCaptcha challenge appear in a new panel in the publish dialog?

Event Timeline

Dreamy_Jazz created this task.Oct 14 2025, 10:39 AM

Dreamy_Jazz added a subtask: T407196: hCaptcha VisualEditor: Render hCaptcha in save changes dialog as soon as this is possible.

Dreamy_Jazz removed a project: Epic.Oct 14 2025, 10:49 AM

Dreamy_Jazz moved this task from Priority backlog to Ready on the Product Safety and Integrity (Sprint Apfel Strudel (Sep 29 - Oct 17)) board.

kostajh changed the task status from Open to Stalled.Oct 14 2025, 11:50 AM

kostajh changed the status of subtask T407196: hCaptcha VisualEditor: Render hCaptcha in save changes dialog as soon as this is possible from Open to Stalled.

Dreamy_Jazz set the point value for this task to 1.Oct 14 2025, 2:10 PM

Dreamy_Jazz added a project: ConfirmEdit (CAPTCHA extension).Oct 17 2025, 10:56 AM

Dreamy_Jazz added a project: OKR-Work.Oct 17 2025, 1:39 PM

OKryva-WMF edited projects, added Product Safety and Integrity (Sprint Mint Choc Chip Ice Cream (Oct 20 - Nov 7)); removed Product Safety and Integrity (Sprint Apfel Strudel (Sep 29 - Oct 17)).Oct 20 2025, 2:33 PM

OKryva-WMF moved this task from Backlog to Ready on the Product Safety and Integrity (Sprint Mint Choc Chip Ice Cream (Oct 20 - Nov 7)) board.Oct 20 2025, 2:33 PM

Dreamy_Jazz changed the status of subtask T407196: hCaptcha VisualEditor: Render hCaptcha in save changes dialog as soon as this is possible from Stalled to Open.Oct 21 2025, 6:07 PM

Dreamy_Jazz mentioned this in T406335: hCaptcha VisualEditor plugin: Display hCaptcha before first "Save changes" button press if possible.Oct 23 2025, 3:25 PM

kostajh changed the task status from Stalled to In Progress.Oct 24 2025, 1:15 PM

kostajh claimed this task.

kostajh closed subtask T407196: hCaptcha VisualEditor: Render hCaptcha in save changes dialog as soon as this is possible as Resolved.

kostajh moved this task from Ready to In progress on the Product Safety and Integrity (Sprint Mint Choc Chip Ice Cream (Oct 20 - Nov 7)) board.

kostajh moved this task from Backlog to On hold on the WE4.2 Bot detection (WE4.2 hCaptcha editing trial) board.Nov 4 2025, 1:02 PM

kostajh removed kostajh as the assignee of this task.Nov 5 2025, 12:54 PM

kostajh moved this task from In progress to Backlog on the Product Safety and Integrity (Sprint Mint Choc Chip Ice Cream (Oct 20 - Nov 7)) board.

kostajh subscribed.

Dreamy_Jazz claimed this task.Nov 28 2025, 12:52 PM

Dreamy_Jazz updated the task description. (Show Details)

Dreamy_Jazz edited projects, added Product Safety and Integrity (Crepes au Chocolat (Sprint Nov 10 - Nov 28)); removed Product Safety and Integrity (Sprint Mint Choc Chip Ice Cream (Oct 20 - Nov 7)).

Dreamy_Jazz moved this task from Backlog to In progress on the Product Safety and Integrity (Crepes au Chocolat (Sprint Nov 10 - Nov 28)) board.Nov 28 2025, 12:55 PM

After looking over this ticket, it seems to be a much larger ticket than previously expected.

We need a way to able to halt or prevent edit submission in VisualEditor so the hCaptcha can execute. Then we need a way to either continue or restart the edit submission with the hCaptcha token once it has finished. This doesn't appear to be possible with the current VisualEditor hooks, so likely work will be needed in VisualEditor to support this.

Dreamy_Jazz moved this task from In progress to Backlog on the Product Safety and Integrity (Crepes au Chocolat (Sprint Nov 10 - Nov 28)) board.Nov 28 2025, 2:04 PM

OKryva-WMF edited projects, added Product Safety and Integrity (Sprint Mince Pie Dec 1 - Dec 12); removed Product Safety and Integrity (Crepes au Chocolat (Sprint Nov 10 - Nov 28)).Dec 1 2025, 9:07 AM

kostajh moved this task from Backlog to Ready on the Product Safety and Integrity (Sprint Mince Pie Dec 1 - Dec 12) board.Dec 2 2025, 12:50 PM

Dreamy_Jazz moved this task from Ready to Backlog on the Product Safety and Integrity (Sprint Mince Pie Dec 1 - Dec 12) board.Dec 2 2025, 12:50 PM

Dreamy_Jazz removed a project: Product Safety and Integrity (Sprint Mince Pie Dec 1 - Dec 12).

Proposal from @DLynch:

If you wanted to just duplicate the current getPreSaveProcess methodology with a getSaveOptionsProcess that’s passed saveOptions to modify, that’d probably be most-fitting

Bringing to current sprint to see if we can do this quickly.

kostajh moved this task from Backlog to Ready on the Product Safety and Integrity (Sprint Mince Pie Dec 1 - Dec 12) board.Dec 10 2025, 12:50 PM

Dreamy_Jazz moved this task from Ready to In progress on the Product Safety and Integrity (Sprint Mince Pie Dec 1 - Dec 12) board.Dec 10 2025, 6:06 PM

Change #1217263 had a related patch set uploaded (by Dreamy Jazz; author: Dreamy Jazz):

[mediawiki/extensions/VisualEditor@master] [WIP] Add ve.init.mw.ArticleTarget.getSaveOptionsProcess

https://gerrit.wikimedia.org/r/1217263

gerritbot added a project: Patch-For-Review.Dec 10 2025, 7:11 PM

Change #1217479 had a related patch set uploaded (by Dreamy Jazz; author: Dreamy Jazz):

[mediawiki/extensions/ConfirmEdit@master] [Very WIP] Execute hCaptcha on VisualEditor form submission

https://gerrit.wikimedia.org/r/1217479

(first patch is awaiting review and the second is having some details discussed internally)

OKryva-WMF edited projects, added Product Safety and Integrity (Sprint Jan 19 - Feb 6); removed Product Safety and Integrity (Sprint Mince Pie Dec 1 - Dec 12).Fri, Dec 19, 9:22 AM

OKryva-WMF moved this task from Backlog to Needs review on the Product Safety and Integrity (Sprint Jan 19 - Feb 6) board.

kostajh created subtask T413354: Decide: Should the hCaptcha challenge appear in a new panel in the publish dialog?.Mon, Dec 22, 11:25 AM

Change #1217263 merged by jenkins-bot:

[mediawiki/extensions/VisualEditor@master] Add ve.init.mw.ArticleTarget.getSaveOptionsProcess