User talk:Enterprisey/script-installer

This is a subpage of Enterprisey's talk page, where you can send him messages and comments.

Put new text under old text. Click here to start a new topic. New to Wikipedia? Welcome! Learn to edit; get help. Assume good faith Be polite and avoid personal attacks Be welcoming to newcomers Seek dispute resolution if needed

Archives: 1

Feature request: generate code that matches {{subst:iusc}}

Latest comment: 2 days ago4 comments3 people in discussion

Here's my common.js right now.

importScript( 'User:Enterprisey/script-installer.js' ); // Backlink: User:Enterprisey/script-installer.js
importScript('User:Enterprisey/easy-brfa.js'); // Backlink: User:Enterprisey/easy-brfa.js
importScript('User:Enterprisey/cv-revdel.js'); // Backlink: User:Enterprisey/cv-revdel.js
importScript('User:Enterprisey/reply-link.js'); // Backlink: User:Enterprisey/reply-link.js
importScript('User:Enterprisey/talk-tab-count.js'); // Backlink: User:Enterprisey/talk-tab-count.js
importScript('User:Enterprisey/user-tabs-on-contribs.js'); // Backlink: User:Enterprisey/user-tabs-on-contribs.js

Does that bug you? It bugs me. Would it be possible to change script-installer to match {{subst:iusc}}'s output? (For that matter, is there a reason it doesn't just generate that subst in the first place? DRY and all that.) Gaelan 💬✏️ 09:39, 24 February 2019 (UTC)Reply

Gaelan, is this still an issue? I checked your common.js and my common.js and couldn't see what you're talking about - I'm probably not understanding your comment. Enterprisey (talk!) 06:28, 13 October 2019 (UTC)Reply

Oh, spacing inside the parentheses. Huh. Yeah, the subst would be fine. I don't feel very strongly about this. I guess I'll consider adding spaces. Enterprisey (talk!) 04:19, 26 January 2021 (UTC)Reply

As of 2024, the gadget is not putting spaces inside parentheses. Judging from the lack of comments on this page, I don't think most users mind. Probably should leave as is. –Novem Linguae (talk) 17:48, 7 May 2024 (UTC)Reply

Global

Latest comment: 2 years ago2 comments2 people in discussion

@Enterprisey: It would be neat if this script was extended to allow installing scripts on global.js, too. ~★ nmaia ^d 01:05, 15 September 2020 (UTC)Reply

Status: I have no plans to work on this, but would be happy to mentor someone if they wanted to work on it themselves. Enterprisey (talk!) 23:53, 13 August 2021 (UTC)Reply

TODO: Bulk deletion support

Latest comment: 2 years ago3 comments2 people in discussion

With checkboxes. Enterprisey (talk!) 04:10, 26 January 2021 (UTC)Reply

  That'd be great! — 𝐆𝐮𝐚𝐫𝐚𝐩𝐢𝐫𝐚𝐧𝐠𝐚 (talk) 23:41, 26 May 2021 (UTC)Reply

Status: I have no plans to work on this, but would be happy to mentor someone if they wanted to work on it themselves. Enterprisey (talk!) 23:53, 13 August 2021 (UTC)Reply

id vs data-

Latest comment: 3 years ago1 comment1 person in discussion

I don't think relying on IDs for getting script paths is a good idea as it results in invalid HTML if the same path appears more than once per page. Shouldn't it use a data-* attribute? Nardog (talk) 23:18, 8 April 2021 (UTC)Reply

scriptManager

Latest comment: 2 years ago3 comments3 people in discussion

@Enterprisey: It would be helpful if you added a function allowing you to add scripts using scriptManager's syntax. ― Qwerfjkl | 𝕋𝔸𝕃𝕂  (please use {{reply to|Qwerfjkl}} on reply) 13:53, 23 May 2021 (UTC)Reply

Agreed. — Guarapiranga (talk) 23:50, 26 May 2021 (UTC)Reply

Status: I have no plans to work on this, but would be happy to mentor someone if they wanted to work on it themselves. Enterprisey (talk!) 23:53, 13 August 2021 (UTC)Reply

Lusc instead of iusc

Latest comment: 2 days ago6 comments4 people in discussion

This script still seems to be using {{Iusc}}, rather than {{Lusc}}, which I understand to be the preferred method. Enterprisey, would it be possible to update that? {{u|Sdkb}} ^talk 03:47, 23 November 2021 (UTC)Reply

@Enterprisey: Any update on this? importScript() (which {{iusc}}) uses has been deprecated for a while now. See T95964 ―sportzpikachu _{my talkcontribs} 10:45, 10 December 2021 (UTC)Reply

I plan to get to this at some point, but it's not urgent; there's still no good official replacement ("Gadgets 3.0" or whatever number they're on now). So it would just be for the slight performance benefit. Enterprisey (talk!) 04:42, 11 December 2021 (UTC)Reply

Strong oppose. There was some misinformation going around a year or two ago that iusc was deprecated, but this had no basis in fact. See Template:Install user script#importScript() is not deprecated for more info. I strongly prefer iusc because it is much more readable. –Novem Linguae (talk) 17:52, 7 May 2024 (UTC)Reply

I switched all my scripts to use {{Lusc}} in 2021 after I was told that it would significantly improve page loading speed, and at the time it seemed to do so. Is that no longer the case? Sdkb ^talk 18:06, 7 May 2024 (UTC)Reply

Interesting. I haven't looked into the performance angle of this. –Novem Linguae (talk) 18:45, 7 May 2024 (UTC)Reply

Various to-dos

Latest comment: 2 years ago1 comment1 person in discussion

@Enterprisey: Now that phab:T300743 is fixed, I can list the other to-do items that I noticed while looking for XSS issues. These are all suggestions for future development that you can take or leave as you see fit.

• The gadget should check the content model of script pages before installing them, and only install ones with a content model of JavaScript. In theory, not checking this would allow an attacker to add JavaScript code to a wikitext page in a trusted user's userspace (which anyone can edit), and then trick the victim into installing the attacker's code while the victim believes it is written by the trusted user. In practice, this attack is stopped by MediaWiki setting the X-Content-Type-Options header to "nosniff", which prevents loading scripts from pages that don't have a MIME type of "text/javascript". This could be a problem in very old browsers though, so it would be worth fixing.
• Import.fromJs is broken for scripts with double or single quotes in them (e.g. User:Example/foo"bar.js). The script trims the first quote character and everything after it, which means it tries to install e.g. User:Example/foo instead. Fixing this would mean parsing the string with a JavaScript parser instead of with regex - unfortunately, I'm not aware of an easy way of doing that without installing third-party libraries, so this could be a lot of work.
• The cookie attributes of the open_script_installer need fixing. Firefox was giving the following warning in the console: Cookie “open_script_installer” will be soon rejected because it has the “SameSite” attribute set to “None” or an invalid value, without the “secure” attribute. To know more about the “SameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite.
• There are some missing translation strings: see the latter half of the diff of the Chinese translation to see where they are. They also use different pipe and bracket characters, so those might be worth including as well. The mw.Message class might be worth a look into for this.

Best — Mr. Stradivarius ^{♪ talk ♪} 13:33, 7 February 2022 (UTC)Reply

unable to uninstall autoFormatter & cleanDiff

Latest comment: 2 days ago2 comments2 people in discussion

@Enterprisey: i am unable to uninstall both autoFormatter & cleanDiff on common.js. can you please look into it. <_> jindam, vani (talk) 13:56, 27 December 2022 (UTC)Reply

Links: meta:User:TMg/autoFormatter, de:Benutzer:TMg/cleanDiff.js. These are both non-English Wikipedia user scripts, which is probably why this gadget didn't work. –Novem Linguae (talk) 17:55, 7 May 2024 (UTC)Reply

Recognize Full Protection

Latest comment: 7 months ago1 comment1 person in discussion

@Enterprisey Currently, the script claims that Wikipedia:AutoEd/complete.js is insecure, in spite of the full protection. Could support be added? Aaron Liu (talk) 16:56, 13 September 2023 (UTC)Reply