On 05/19/2014 10:19 AM, Gabriel Wicke wrote:
On 05/19/2014 04:54 PM, Gabriel Wicke wrote:
The move to HTML-based (self-contained) transclusions expansions will avoid this issue completely. That's a few months out though. Maybe we can find a stop-gap solution that moves in that direction, without introducing special tags in expandtemplates that we'll have to support for a long time.
Here's a proposal:
- Introduce a <domparse> extension tag that causes its content to be parsed
all the way to a self-contained DOM structure. Example: <domparse>{{T}}</domparse>
- Emit this tag for HTML page transclusions. Avoids the security issue as
there's no way to inject verbatim HTML. Works with Parsoid out of the box.
- Use <domparse> to support parsing unbalanced templates by inserting it
into wikitext:
<domparse> {{table-start}} {{table-row}} {{table-end}} </domparse>
- Build a solid HTML-only expansion API end point, and start using that for
all transclusions that are not wrapped in <domparse>
- Stop wrapping non-wikitext transclusions into <domparse> in
action=expandtemplates once those can be directly expanded to a self-contained DOM.
Here's a possible division of labor:
You (Daniel) could start with the second step (emitting the tag). Since not much escaping is needed (only nested <domparse> tags in the transclusion) this should be fairly straightforward.
We could work on the extension implementation (first bullet point) together, or tackle it completely on the Parsoid side. We planned to work on this in any case as part of our longer-term migration to well-balanced HTML transclusions.
The advantage of using <domparse> to support both unbalanced templates & special transclusions is that we'll only have to implement this once, and won't introduce another tag only to deprecate it fairly quickly. Phasing out unbalanced templates will take longer, as we'll first have to come up with alternative means to support the same use cases.
Gabriel