protected $mFeedLinksAppendQuery = null;
- /** @var array
- * What level of 'untrustworthiness' is allowed in CSS/JS modules loaded on this page?
+ /**
+ * @var int
+ * The level of 'untrustworthiness' allowed for modules loaded on this page.
* @see ResourceLoaderModule::$origin
- * ResourceLoaderModule::ORIGIN_ALL is assumed unless overridden;
*/
- protected $mAllowedModules = array(
- ResourceLoaderModule::TYPE_COMBINED => ResourceLoaderModule::ORIGIN_ALL,
- );
+ protected $mAllowedModuleOrigin = ResourceLoaderModule::ORIGIN_ALL;
/** @var bool Whether output is disabled. If this is true, the 'output' method will do nothing. */
protected $mDoNothing = false;
}
/**
- * Do not allow scripts which can be modified by wiki users to load on this page;
- * only allow scripts bundled with, or generated by, the software.
+ * Restrict the page to loading modules bundled the software.
+ *
+ * Disallows the queue to contain any modules which can be modified by wiki
+ * users to load on this page.
*/
public function disallowUserJs() {
- $this->reduceAllowedModules(
- ResourceLoaderModule::TYPE_SCRIPTS,
- ResourceLoaderModule::ORIGIN_CORE_INDIVIDUAL
- );
+ $this->reduceAllowedModuleOrigin( ResourceLoaderModule::ORIGIN_CORE_INDIVIDUAL );
}
/**
- * Show what level of JavaScript / CSS untrustworthiness is allowed on this page
+ * Get the level of JavaScript / CSS untrustworthiness allowed on this page.
+ *
* @see ResourceLoaderModule::$origin
- * @param string $type ResourceLoaderModule TYPE_ constant
+ * @param string $type Unused: Module origin allowance used to be fragmented by
+ * ResourceLoaderModule TYPE_ constants.
* @return int ResourceLoaderModule ORIGIN_ class constant
*/
- public function getAllowedModules( $type ) {
- if ( $type == ResourceLoaderModule::TYPE_COMBINED ) {
- return min( array_values( $this->mAllowedModules ) );
- } else {
- return isset( $this->mAllowedModules[$type] )
- ? $this->mAllowedModules[$type]
- : ResourceLoaderModule::ORIGIN_ALL;
- }
+ public function getAllowedModules( $type = null ) {
+ return $this->mAllowedModuleOrigin;
}
/**
* Set the highest level of CSS/JS untrustworthiness allowed
+ *
+ * @deprecated since 1.24 Raising level of allowed untrusted content is no longer supported.
+ * Use reduceAllowedModuleOrigin() instead.
+ *
* @param string $type ResourceLoaderModule TYPE_ constant
- * @param int $level ResourceLoaderModule class constant
+ * @param int $level ResourceLoaderModule ORIGIN_ constant
*/
public function setAllowedModules( $type, $level ) {
- $this->mAllowedModules[$type] = $level;
+ wfDeprecated( __METHOD__, '1.24' );
+ $this->reduceAllowedModuleOrigin( $level );
}
/**
- * As for setAllowedModules(), but don't inadvertently make the page more accessible
- * @param string $type
- * @param int $level ResourceLoaderModule class constant
+ * Limit the highest level of CSS/JS untrustworthiness allowed.
+ *
+ * @deprecated since 1.24 Module allowance is no longer fragmented by content type.
+ * Use reduceAllowedModuleOrigin() instead.
+ *
+ * @param string $type ResourceLoaderModule TYPE_ constant
+ * @param int $level ResourceLoaderModule ORIGIN_ class constant
*/
public function reduceAllowedModules( $type, $level ) {
- $this->mAllowedModules[$type] = min( $this->getAllowedModules( $type ), $level );
+ wfDeprecated( __METHOD__, '1.24' );
+ $this->reduceAllowedModuleOrigin( $level );
+ }
+
+ /**
+ * Limit the highest level of CSS/JS untrustworthiness allowed.
+ *
+ * If passed the same or a higher level than the current level of untrustworthiness set, the
+ * level will remain unchanged.
+ *
+ * @param int $level ResourceLoaderModule class constant
+ */
+ public function reduceAllowedModuleOrigin( $level ) {
+ $this->mAllowedModuleOrigin = min( $this->mAllowedModuleOrigin, $level );
}
/**
public function headElement( Skin $sk, $includeStyle = true ) {
global $wgContLang;
+ $section = new ProfileSection( __METHOD__ );
+
$userdir = $this->getLanguage()->getDir();
$sitedir = $wgContLang->getDir();
);
$context = new ResourceLoaderContext( $resourceLoader, new FauxRequest( $query ) );
- // Extract modules that know they're empty
+ // Extract modules that know they're empty and see if we have one or more
+ // raw modules
+ $isRaw = false;
foreach ( $grpModules as $key => $module ) {
// Inline empty modules: since they're empty, just mark them as 'ready' (bug 46857)
// If we're only getting the styles, we don't need to do anything for empty modules.
$links['states'][$key] = 'ready';
}
}
+
+ $isRaw |= $module->isRaw();
}
// If there are no non-empty modules, skip this group
);
} else {
$link = Html::linkedScript( $url );
+ if ( $context->getOnly() === 'scripts' && !$context->getRaw() && !$isRaw ) {
+ // Wrap only=script requests in a conditional as browsers not supported
+ // by the startup module would unconditionally execute this module.
+ // Otherwise users will get "ReferenceError: mw is undefined" or
+ // "jQuery is undefined" from e.g. a "site" module.
+ $link = Html::inlineScript(
+ ResourceLoader::makeLoaderConditionalScript(
+ Xml::encodeJsCall( 'document.write', array( $link ) )
+ )
+ );
+ }
// For modules requested directly in the html via <link> or <script>,
// tell mw.loader they are being loading to prevent duplicate requests.
if ( $flip === 'flip' && $this->getLanguage()->isRTL() ) {
# If wanted, and the interface is right-to-left, flip the CSS
$style_css = CSSJanus::transform( $style_css, true, false );
- } else {
- $style_css = CSSJanus::nullTransform( $style_css );
}
$this->mInlineStyles .= Html::inlineStyle( $style_css ) . "\n";
}
$previewedCSS = $this->getRequest()->getText( 'wpTextbox1' );
if ( $this->getLanguage()->getDir() !== $wgContLang->getDir() ) {
$previewedCSS = CSSJanus::transform( $previewedCSS, true, false );
- } else {
- $previewedCSS = CSSJanus::nullTransform( $previewedCSS );
}
$otherTags .= Html::inlineStyle( $previewedCSS ) . "\n";
} else {