diff options
| author | Jon Harald Søby <jhsoby@gmail.com> | 2023-07-07 09:57:59 +0200 |
|---|---|---|
| committer | Jon Harald Søby <jhsoby@gmail.com> | 2023-07-13 00:36:23 +0200 |
| commit | 94ea71b3eda3d9b6065ff2dc48f45b6c623914c7 (patch) | |
| tree | 851ff4f20f2c6b8aa8fb01cfac9e55ba5c8540c2 | |
| parent | 709a5cce79db33c4babed01afbea3cfbc2bb95cb (diff) | |
| download | mediawikicore-94ea71b3eda3d9b6065ff2dc48f45b6c623914c7.tar.gz mediawikicore-94ea71b3eda3d9b6065ff2dc48f45b6c623914c7.zip | |
Remove feedback messages from RawHtmlMessages
These two messages were marked as RawHtmlMessages, but didn't have
any raw HTML, and so it was unnecessary to mark them as such. Instead
make sure they are parsed properly where they are used to avoid any
potential XSS exploits.
There is an override for one of these messages in WikimediaMessages,
and that override used to use raw HTML in order to get target="_blank"
on a link. This adds that functionality to this part of the code
instead, allowing that message to be parsed as normal wikitext
instead.
Bug: T204470
Depends-On: I075bc904a40b3ea224fa44f9627814e3f9cab051
Change-Id: I67922005288cf3fe2da43d92d49de54f88e98926
| -rwxr-xr-x | docs/config-schema.yaml | 2 | ||||
| -rw-r--r-- | includes/MainConfigSchema.php | 2 | ||||
| -rwxr-xr-x | includes/config-schema.php | 2 | ||||
| -rw-r--r-- | languages/i18n/qqq.json | 4 | ||||
| -rw-r--r-- | resources/Resources.php | 1 | ||||
| -rw-r--r-- | resources/src/mediawiki.feedback/FeedbackDialog.js | 4 | ||||
| -rw-r--r-- | resources/src/mediawiki.feedback/feedback.js | 2 |
7 files changed, 7 insertions, 10 deletions
diff --git a/docs/config-schema.yaml b/docs/config-schema.yaml index 1a7cd53f7f28..7576b614b44c 100755 --- a/docs/config-schema.yaml +++ b/docs/config-schema.yaml @@ -3044,8 +3044,6 @@ config-schema: - copyright - history_copyright - googlesearch - - feedback-terms - - feedback-termsofuse type: array items: type: string diff --git a/includes/MainConfigSchema.php b/includes/MainConfigSchema.php index 669edd233eca..735797de18e3 100644 --- a/includes/MainConfigSchema.php +++ b/includes/MainConfigSchema.php @@ -4893,8 +4893,6 @@ class MainConfigSchema { 'copyright', 'history_copyright', 'googlesearch', - 'feedback-terms', - 'feedback-termsofuse', ], 'type' => 'list', 'items' => [ 'type' => 'string', ], diff --git a/includes/config-schema.php b/includes/config-schema.php index e9838563b6d0..1e5790e4e7d5 100755 --- a/includes/config-schema.php +++ b/includes/config-schema.php @@ -618,8 +618,6 @@ return [ 0 => 'copyright', 1 => 'history_copyright', 2 => 'googlesearch', - 3 => 'feedback-terms', - 4 => 'feedback-termsofuse', ], 'Localtimezone' => null, 'LocalTZoffset' => null, diff --git a/languages/i18n/qqq.json b/languages/i18n/qqq.json index d2905cf39d3c..b848fc46a571 100644 --- a/languages/i18n/qqq.json +++ b/languages/i18n/qqq.json @@ -4407,8 +4407,8 @@ "feedback-message": "Label for a textarea; signature refers to a Wikitext signature.\n{{Identical|Message}}", "feedback-subject": "Label for a text input\n{{Identical|Subject}}", "feedback-submit": "Button label\n{{Identical|Submit}}", - "feedback-terms": "{{RawHtml|phab=T294760}}\n\nLabel for a checkbox asking for permissions to submit browser information.", - "feedback-termsofuse": "{{RawHtml|phab=T294760}}\n\nLabel with an agreement about the terms of use.", + "feedback-terms": "Label for a checkbox asking for permissions to submit browser information.", + "feedback-termsofuse": "Label with an agreement about the terms of use.", "feedback-thanks": "Thanks message, appears if feedback was successful. Parameters:\n* $1 - \"Feedback\"\n* $2 - Feedback page URL", "feedback-thanks-title": "The title of the thank you dialog at the end of the submission process.\n{{Identical|Thank you}}", "feedback-useragent": "A label denoting the user agent in the feedback that is posted to the feedback page.\n{{Identical|User agent}}", diff --git a/resources/Resources.php b/resources/Resources.php index 5140890a4242..1d48b10abf70 100644 --- a/resources/Resources.php +++ b/resources/Resources.php @@ -783,6 +783,7 @@ return [ ], 'styles' => 'feedback.less', 'dependencies' => [ + 'mediawiki.jqueryMsg', 'mediawiki.messagePoster', 'mediawiki.Title', 'oojs-ui-core', diff --git a/resources/src/mediawiki.feedback/FeedbackDialog.js b/resources/src/mediawiki.feedback/FeedbackDialog.js index a954b288119d..3d94a8754fa5 100644 --- a/resources/src/mediawiki.feedback/FeedbackDialog.js +++ b/resources/src/mediawiki.feedback/FeedbackDialog.js @@ -85,9 +85,11 @@ FeedbackDialog.prototype.initialize = function () { align: 'inline' } ); + var $termsOfUseLabelText = $( '<p>' ).append( mw.message( 'feedback-termsofuse' ).parseDom() ); + $termsOfUseLabelText.find( 'a' ).attr( 'target', '_blank' ); termsOfUseLabel = new OO.ui.LabelWidget( { classes: [ 'mw-feedbackDialog-feedback-termsofuse' ], - label: $( '<p>' ).append( mw.msg( 'feedback-termsofuse' ) ) + label: $termsOfUseLabelText } ); this.feedbackPanel.$element.append( diff --git a/resources/src/mediawiki.feedback/feedback.js b/resources/src/mediawiki.feedback/feedback.js index 445d5eb9bfc4..214882f9c067 100644 --- a/resources/src/mediawiki.feedback/feedback.js +++ b/resources/src/mediawiki.feedback/feedback.js @@ -67,7 +67,7 @@ this.useragentCheckboxShow = !!config.showUseragentCheckbox; this.useragentCheckboxMandatory = !!config.useragentCheckboxMandatory; this.useragentCheckboxMessage = config.useragentCheckboxMessage || - $( '<p>' ).append( mw.msg( 'feedback-terms' ) ); + $( '<p>' ).append( mw.message( 'feedback-terms' ).parseDom() ); // Message dialog this.thankYouDialog = new OO.ui.MessageDialog(); |