Fix two HTML injections

The message for “x results in y ms” used html() instead of text() to
process the &nbsp; entity, which we can do with a hard-coded replace
instead (no existing translation uses any other entity, nor do I expect
any future translation to start doing so).

The tooltip for entities combined the entity label and description
(unescaped) with some HTML code for the tooltip contents and then showed
the full result as HTML; instead, create a jQuery collection
immediately (safely escaping the text parts) and eventually use that
when creating the tooltip.

Bug: T238822
Bug: T238824
Change-Id: I2ceda6911d43464dba330d41c871a8d8617451a2
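
The two patterns the commit message describes, as an added example that is not code from this repository: it uses plain string escaping in place of jQuery so that it runs under Node. The function names, the tooltip markup, the `$1`/`$2` message placeholders and the sample strings are all assumptions constructed for illustration.

```javascript
'use strict';

// Escape the characters that are significant in HTML text and attribute values.
function escapeHtml( text ) {
	var map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', '\'': '&#39;' };
	return String( text ).replace( /[&<>"']/g, function ( c ) {
		return map[ c ];
	} );
}

// "Before" pattern: label and description are concatenated into markup unescaped,
// so any markup inside the entity data becomes part of the tooltip's HTML.
function tooltipHtmlUnsafe( label, description ) {
	return '<span class="label">' + label + '</span><br/><small>' + description + '</small>';
}

// "After" pattern: only the fixed template is markup; the data parts are escaped text.
function tooltipHtmlSafe( label, description ) {
	return '<span class="label">' + escapeHtml( label ) + '</span><br/><small>' +
		escapeHtml( description ) + '</small>';
}

// Result message: replace the single entity the translations use with the real
// character, then pass the string to a text-only sink (textContent or jQuery
// .text()) instead of .html(). Placeholder syntax here is hypothetical.
function resultMessageText( template, count, ms ) {
	return template
		.replace( /&nbsp;/g, '\u00A0' )
		.replace( '$1', function () { return String( count ); } )
		.replace( '$2', function () { return String( ms ); } );
}

// Constructed sample data: an entity label that contains markup.
var sampleLabel = '<img src=x onerror=alert(1)>';
var sampleDescription = 'research & development';

console.log( tooltipHtmlUnsafe( sampleLabel, sampleDescription ) );
console.log( tooltipHtmlSafe( sampleLabel, sampleDescription ) );
console.log( resultMessageText( '$1&nbsp;results in $2&nbsp;ms', 5, 120 ) );
```
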
2 files changed
tree: cf561668bc3ce8a0fcca732c52a641a976bbd1da
README.md

Wikibase Query Service GUI

This repository contains the GUI for the Wikidata Query Service.

Please see more details about the service in the User Manual.

Download & setup

Clone the git repo, go into the created folder, and then pull all dependencies via the npm package manager.

$ git clone https://gerrit.wikimedia.org/r/wikidata/query/gui
$ cd gui
$ npm install

Alternatively, install the package with npm install.

npm install wikidata-query-gui

Configuration

By default, the Wikibase Query Service GUI is configured to be used as a local development test instance. It can be customized by creating a custom-config.json in the repository's root directory. This file can be used to override any of the default settings obtained from default-config.json.

Run tests

Run JSHint, JSCS and QUnit tests.

$ npm test

Debug

Start a test server for local debugging. Do not use it in production.

$ npm start

Build

Create a build with bundled and minified files.

$ npm run build

Deploy

Create a build and push it to the deployment branch via git review.

$ npm run deploy

Please make sure you have defined a gitreview username:

git config --global --add gitreview.username "[username]"

Components

Editor

A CodeMirror-based SPARQL editor with code completion (Ctrl+Space) and tooltips (hover).

var editor = new wikibase.queryService.ui.editor.Editor();
editor.fromTextArea( $( '.editor' )[0] );

See examples/editor.html.

Example dialog

A dialog that allows browsing of SPARQL examples.

new wikibase.queryService.ui.dialog.QueryExampleDialog( $element, querySamplesApi, callback, previewUrl );

See examples/dialog.html.

SPARQL

var api = new wikibase.queryService.api.Sparql();
// query is a SPARQL query string
api.query( query ).done( function() {
	// Parse the JSON result once the query has completed
	var json = JSON.parse( api.getResultAsJson() );
} );

See examples/sparql.html. JSFiddle.net

Result Views

Views that allow rendering SPARQL results (see documentation).

var api = new wikibase.queryService.api.Sparql();
api.query( query ).done( function() {
	// Pass the raw result data to a result browser and draw it into element
	var result = new wikibase.queryService.ui.resultBrowser.CoordinateResultBrowser();
	result.setResult( api.getResultRawData() );
	result.draw( element );
} );

See examples/result.html. JSFiddle.net

Release Notes and npm package

Unfortunately, there are no releases, and the provided code and interfaces are not considered to be stable. Also, the dist/ folder contains a build that may not reflect the current code on the master branch.