Page MenuHomePhabricator
Create Task
Maniphest T85508

Fix incorrect deserialization of HTML in Flow
Closed, ResolvedPublic
Actions

Description

This is related to jQuery 1.9's change in how HTML is recognized by the $() function.

  • mwUiTooltipShow (modules/engine/misc/mw-ui.enhance.js) looks like it allows passing arbitrary HTML as content, which would be affected by this; this should also be documented.
  • plaintextSnippet (flow-handlebars.js) should use $.parseHTML for safety when contentFormta is 'html'.
  • FlowBoardComponentApiEventsMixin.UI.events.apiHandlers.moderateTopic and FlowBoardComponentApiEventsMixin.UI.events.apiHandlers.moderatePost use HTML directly from processTemplate, making them affected by this issue (also, apparently processTemplateGetFragment should be used instead of this in general, and we may want to make processTemplate private).
  • 'html' is a misleading variable name for the return value of processTemplateGetFragment (e.g. in flow-board-api-events.js) (not an actual bug, but related and confusing)

Details

SubjectRepoBranchLines +/-
Update to follow jQuery 1.9 upgrade guidemediawiki/extensions/Flowmaster+16 -11
Customize query in gerrit

Related Objects
Search...

Event Timeline

Mattflaschen-WMF created this task.Dec 30 2014, 4:25 AM
Mattflaschen-WMF raised the priority of this task from to High.
Mattflaschen-WMF updated the task description. (Show Details)
Mattflaschen-WMF added projects: Collaboration-Team-Triage, StructuredDiscussions.
Mattflaschen-WMF added subscribers: Aklapper, Unknown Object (MLST), greg and 6 others.
Mattflaschen-WMF mentioned this in T85022: Audit deployed Collaboration team extensions for jQuery 1.11 upgrade issues.Dec 30 2014, 5:03 AM
Nikerabbit unsubscribed.Dec 30 2014, 8:05 AM
Krinkle unsubscribed.Jan 17 2015, 1:37 AM
Mattflaschen-WMF claimed this task.Jan 29 2015, 10:31 PM
Mattflaschen-WMF edited projects, added Collaboration-Team-Sprint-P-2015-02-11/q3; removed Collaboration-Team-Triage.
Mattflaschen-WMF set Security to None.
gerritbot added a project: Patch-For-Review.Jan 30 2015, 8:58 PM
gerritbot subscribed.

Change 187799 had a related patch set uploaded (by Mattflaschen):
Update to follow jQuery 1.11 upgrade guide

https://gerrit.wikimedia.org/r/187799

Patch-For-Review

Mattflaschen-WMF moved this task from Sprint P - ends Feb 11 to Code Review on the Collaboration-Team-Sprint-P-2015-02-11/q3 board.Jan 31 2015, 2:23 AM
matthiasmullie moved this task from Code Review to Product Review on the Collaboration-Team-Sprint-P-2015-02-11/q3 board.Feb 2 2015, 11:23 PM
gerritbot added a comment.Feb 2 2015, 11:24 PM

Change 187799 merged by jenkins-bot:
Update to follow jQuery 1.9 upgrade guide

https://gerrit.wikimedia.org/r/187799

Mattflaschen-WMF mentioned this in rEFLWb10f106166f2: Update to follow jQuery 1.9 upgrade guide.Feb 3 2015, 9:34 PM
DannyH closed this task as Resolved.Feb 3 2015, 11:57 PM
DannyH moved this task from Product Review to Done on the Collaboration-Team-Sprint-P-2015-02-11/q3 board.
DannyH subscribed.
Diffusion mentioned this in rMEXT632e414318b0: Updated mediawiki/extensions Project: mediawiki/extensions/Flow….Mar 11 2015, 6:25 AM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL