Yurik has uploaded a new change for review.
https://gerrit.wikimedia.org/r/247921
Change subject: Add an ability to whitelist URLs
......................................................................
Add an ability to whitelist URLs
We might want to add some whitelisting capability
to the external URLs. This patch would allow for such capability.
Change-Id: I78fb9ae42fa9fdc3b016b9e5c20185205dbd6dd9
---
M Graph.body.php
M extension.json
M js/graph.js
3 files changed, 23 insertions(+), 13 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/Graph
refs/changes/21/247921/1
diff --git a/Graph.body.php b/Graph.body.php
index f7a9bdd..fce31d4 100644
--- a/Graph.body.php
+++ b/Graph.body.php
@@ -54,12 +54,13 @@
if ( $specs !== null ) {
global $wgGraphImgServiceAlways, $wgGraphImgServiceUrl;
if ( $isPreview || !$wgGraphImgServiceUrl ||
!$wgGraphImgServiceAlways ) {
- global $wgGraphDataDomains,
$wgGraphUrlBlacklist, $wgGraphIsTrusted;
+ global $wgGraphDataDomains,
$wgGraphUrlBlacklist, $wgGraphUrlWhitelist, $wgGraphIsTrusted;
$output->addModules( 'ext.graph' );
$output->addJsConfigVars( 'wgGraphSpecs',
$specs );
- // TODO: these 3 js vars should be per domain
if 'ext.graph' is added, not per page
+ // TODO: these 4 js vars should be per domain
if 'ext.graph' is added, not per page
$output->addJsConfigVars( 'wgGraphDataDomains',
$wgGraphDataDomains );
$output->addJsConfigVars(
'wgGraphUrlBlacklist', $wgGraphUrlBlacklist );
+ $output->addJsConfigVars(
'wgGraphUrlWhitelist', $wgGraphUrlWhitelist );
$output->addJsConfigVars( 'wgGraphIsTrusted',
$wgGraphIsTrusted );
}
$output->setProperty( 'graph_specs',
diff --git a/extension.json b/extension.json
index d2621b9..18a709f 100644
--- a/extension.json
+++ b/extension.json
@@ -75,6 +75,7 @@
"config": {
"GraphDataDomains": [],
"GraphUrlBlacklist": false,
+ "GraphUrlWhitelist": false,
"GraphIsTrusted": false,
"GraphImgServiceAlways": false,
"GraphImgServiceUrl": false
diff --git a/js/graph.js b/js/graph.js
index e99c273..2fc24af 100644
--- a/js/graph.js
+++ b/js/graph.js
@@ -9,6 +9,7 @@
// Make sure we only initialize graphs once
vg.config.domainWhiteList = mw.config.get(
'wgGraphDataDomains' );
vg.config.urlBlackList = mw.config.get(
'wgGraphUrlBlacklist' );
+ vg.config.urlWhiteList = mw.config.get(
'wgGraphUrlWhitelist' );
if ( !mw.config.get( 'wgGraphIsTrusted' ) ) {
vg.config.dataHeaders = { 'Treat-as-Untrusted':
1 };
}
@@ -27,19 +28,26 @@
if ( !url ) {
return false;
}
- if ( !vg.config.urlBlackListRe ) {
- // Lazy initialize urlBlackListRe
- if ( vg.config.urlBlackList ) {
- vg.config.urlBlackListRe =
vg.config.urlBlackList.map( function ( s ) {
+ if ( !vg.config.urlBlackListTest ) {
+ // Lazy initialize urlBlackListTest &
urlWhiteListTest
+ var makeTesterFunc = function ( reList,
passIfFound ) {
+ if ( !reList ) {
+ return function() {
return true; };
+ }
+ var reList2 =
reList.map(function ( s ) {
return new RegExp( s );
- } );
- } else {
- vg.config.urlBlackListRe = [];
- }
+ });
+ return function( url ) {
+ var found =
reList2.some( function ( re ) {
+ return re.test(
url );
+ } );
+ return passIfFound ?
found : !found;
+ };
+ };
+ vg.config.urlBlackListTest =
makeTesterFunc( vg.config.urlBlackList, false );
+ vg.config.urlWhiteListTest =
makeTesterFunc( vg.config.urlWhiteList, true );
}
- if ( vg.config.urlBlackListRe.some( function (
re ) {
- return re.test( url );
- } ) ) {
+ if ( !vg.config.urlBlackListTest( url ) ||
!vg.config.urlWhiteListTest( url ) ) {
return false;
}
return url;
--
To view, visit https://gerrit.wikimedia.org/r/247921
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I78fb9ae42fa9fdc3b016b9e5c20185205dbd6dd9
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/Graph
Gerrit-Branch: master
Gerrit-Owner: Yurik <yu...@wikimedia.org>
_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
