tl;dr: Having unnessary complexity in security critical code is bad.
* Extra options add extra complexity and maintenance burden
** Thus we should only have one html output mode. well formed = false
was already vetoed in T52040, so lets go with WellFormed=true.
* Options which are used by very few people tend to get tested less
* Escaping is an area of code where we should be very conservative
* Having escaping rules depend on making assumptions about which
characters various browsers consider "whitespace" is scary
* $wgWellFormedXml=false has had a negative security impact in the
past (Usually not directly its fault, but has made other bugs
more exploitable)
* Saving a couple bytes (even less bytes after gzip taken into
account) is really not worth it in this context (imho).
Change-Id: I5c922e0980d3f9eb39adb5bb5833e158afda42ed
* Remove is_object restriction from isValid.
* Implement rootValueTable to support rendering of other
root structures.
Also:
* Minor method documentation tweaks.
* Document why quotes are not escaped for strings in value cells.
Bug: T86270
Change-Id: Ic1d10393912fcefa22d675fd4aa2baf437d2a05a
Follows-up d2a82fcb60. These issues weren't previously exposed
as nothing uses JsonContent by default in core, and the extensions
using it (e.g. EventLogging) lock it down very early. As are
most of these methods were never really put to use (they were
called after the extension does its superset of checking, or
too early and WikiPage ignores it).
Bug fixes
* Empty JSON object was converted to an array by PST conversion.
The beautifyJSON method is intended for prettify purposes but
actually modified the content stored in the database and made
it no longer roundtrip ({} != []).
We can't change getJsonData to return an object since it's
a public method and people use it as an array. So we can't cast
it to a PHP object as that would break back-compat.
Turns out the class doesn't even support non-objects anyway (a
primitive in JSON can trivially cause a fatal as it wasn't
consistently considered invalid, though it didn't actually fatal
due to some lucky spaghetti code in WikiPage).
* Fix beautifyJSON by checking for empty objects to prevent
implicit {} to [] conversion.
* Add isValid() check to fillParserOutput() as it's called early
on. Otherwise it throws a warning that 'foreach' (in objectTable)
iterates over null. In practice it doesn't matter since the
entire parser output is rejected when WikiPage eventually
checks isValid (through Content::prepareSave).
* Consider all non- (PHP) array values invalid instead of just
non-null values.
Enhancements
* Display message "Empty object" instead of a completely blank page
for an empty object.
* Display message "Empty object" or "Empty array" instead of an
empty table cell.
* Render arrays as a list of values (without indices).
* Remove italics from table cells for values. The monospace font
should be enough. It also offsets it from the "Empty"
placeholders (which are italicised).
Refactoring and clean up
* Use FormatJson::parse so that we can use Status to distinguish
between null parse result and thus reliably cache it.
Ideally we wouldn't need to cache it, but right now this code
is pulled apart and called in so many strange ways that we end
up calling this several times.
* Improve fairly meaningless test (testBeautifyJson) that was
calling FormatJson in its data provider, exactly what the method
being tested did. It also provided the test with data that could
never end up in normal usage (a PHP-style associated array with
implied numerical indices).
* Document that this class rejects non-array values.
* Document the problem with WikiPage assumming PST can run on any
content. WikiPage fundamentally still assumes wikitext, in that
there's no concept of invalid content.
* Fix incorrect documentation for getJsonData's return value
(It may return null.)
* Fix incorrect documentation for beautifyJSON's return value.
(It never returned boolean.)
Bug: T76553
Change-Id: Ifed379ba4674a8289b554a95953951886bf2cbfd
Follows-up b36d883.
By far most data providers are static (and PHPUnit expects them
to be static and calls them that way).
Most of these classes already had their data providers static
but additional commits sloppily introduced non-static ones.
* ResourceLoaderWikiModuleTest, 8968d8787f.
* TitleTest, 545f1d3a73.
Odd unused method 'dataTestIsValidMoveOperation' was introduced
in 550b878e63.
* GlobalVarConfigTest, a3e18c3670.
Change-Id: I5da99f7cd3da68c550ae507ffe1f725d31e7666f
* All content handlers that deal with code/data tend to have
English as their page language & pageview language, so moved common
code to the abstract CodeContentHandler class.
* Renamed JSONContent & JSONContentHandler into JsonContent*
Change-Id: I46819a0572ef5becc211d0d82471ff7102edaa3c
2014-09-15 08:24:15 +00:00
Renamed from tests/phpunit/includes/content/JSONContentTest.php (Browse further)
