b28faecb2b
The "nonce" CSP feature has been never been properly tested and is not on track to be enabled at WMF or in MW by default. The use of nonce-protected eval is not particularly meaningful. It is trivially bypassed by mw.loader.implement, mw.loader.store, or importScript(); all of which allow any code to be executed directly, or to be stored and loaded from a first-party origin. The "nonce" feature is not required for the T208188 roadmap, and with change I51b8535b2b21a3 there is now also a (small) performance reason to keep this disabled long-term. Until and unless there is a plan for enabling this particular aspect of CSP, we might as well remove it so that we don't waste time our time building abstraction layers and satisfying dependency injection through many years for something that might never be used. Note that this does not remove CSP support from ResourceLoader, and does not take away from the future of enabling CSP in MediaWiki to e.g. strictly block third-party scripts, or to require domains to opt-in by site config or user pref (T208188). Change-Id: I5a176c41a06a484a11e64bdacdc42b40811fe72e |
||
|---|---|---|
| .. | ||
| data | ||
| docs | ||
| includes | ||
| integration/includes | ||
| maintenance | ||
| mocks | ||
| structure | ||
| suites | ||
| tests | ||
| unit | ||
| bootstrap.common.php | ||
| bootstrap.integration.php | ||
| bootstrap.maintenance.php | ||
| bootstrap.php | ||
| HamcrestPHPUnitIntegration.php | ||
| MediaWikiCoversValidator.php | ||
| MediaWikiGroupValidator.php | ||
| MediaWikiIntegrationTestCase.php | ||
| MediaWikiLangTestCase.php | ||
| MediaWikiLoggerPHPUnitExtension.php | ||
| MediaWikiPHPUnitResultPrinter.php | ||
| MediaWikiTeardownPHPUnitExtension.php | ||
| MediaWikiTestCaseTrait.php | ||
| MediaWikiUnitTestCase.php | ||
| MWTestDox.php | ||
| phpunit.php | ||
| README.md | ||
| ResourceLoaderTestCase.php | ||
| suite.xml | ||
| TestSelectQueryBuilder.php | ||
MediaWiki PHPUnit tests
WARNING: Integration tests may be destructive and alter or remove parts of your local database. We try to use temporary tables where possible, but you must never run tests on a production server or on a wiki where you don't want to lose data.
Running tests
If you haven't already, run composer update (specifically without --no-dev) in the MediaWiki core directory. This will install PHPUnit.
To read about how to run specific tests, refer to:
https://www.mediawiki.org/wiki/Manual:PHP_unit_testing/Running_the_tests
Writing tests
A guide to writing PHPUnit tests for MediaWiki can be found at: