Last modified: 2014-11-19 17:38:58 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T56864, the corresponding Phabricator task for complete and up-to-date bug report information.
First Last Prev Next    This bug is not in your last search results.
Bug 54864 - ResourceLoader: Implement support for LESS in wiki modules (user and site), supporting e.g. MediaWiki:Common.less
ResourceLoader: Implement support for LESS in wiki modules (user and site), s...
Status: NEW
Product: MediaWiki
Classification: Unclassified
ResourceLoader (Other open bugs)
1.22.0
All All
: Lowest enhancement with 1 vote (vote)
: ---
Assigned To: Nobody - You can work on this!
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2013-10-02 04:46 UTC by Kunal Mehta (Legoktm)
Modified: 2014-11-19 17:38 UTC (History)
13 users (show)

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Kunal Mehta (Legoktm) 2013-10-02 04:46:48 UTC 
LESS support was recently added for RL, but only for core/extension generated modules. It would be nice if users could also create their own .less subpages (or MediaWiki: pages for sitewide) that RL would automatically compile into CSS.

Ori mentioned on IRC that there may be some security issues that need to be addressed like @import "/etc/passwd";
Comment 1 Brion Vibber 2013-10-02 16:37:28 UTC 
Yes, we'll need to devise some way to override the @import handling...
Comment 2 Bartosz Dziewoński 2014-05-05 17:42:43 UTC 
Extending summary because I spent way too long looking for this bug.
Comment 3 Daniel Friesen 2014-11-02 17:54:53 UTC 
Note that besides other security vectors, there's also a DOS vector. Small .less files that generate several gigabytes of output and consume large amounts of CPU for long periods of time can be made.
Comment 4 Krinkle 2014-11-02 19:01:22 UTC 
Using LESS inside the user space is in my opinion of very little value because, contrary to the file system, there wouldn't be much re-use or composition. It'd basically just be syntactical sugar for something that is relatively trivial to do without LESS.

It might even be something we'll never do, or do much later on once we get a grip on more important things and have found ways around the problems it introduces.

At this point I'd recommend against writing a patch, as it wouldn't be ready for approval.
Comment 5 paladox2015 2014-11-19 17:38:58 UTC 
Why not add https://github.com/leafo/lessphp/blob/011afcca8e6f1000a6e789921ba805fa578271a3/lessify.inc.php to mediawiki which converts css to less.
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.

Navigation
Links