* the ability to vary based extra query parameters, in addition to those
* from ResourceLoaderContext:
*
- * - target: Only register modules in the client allowed within this target.
+ * - target: Only register modules in the client intended for this target.
* Default: "desktop".
* See also: OutputPage::setTarget(), ResourceLoaderModule::getTargets().
+ *
+ * - safemode: Only register modules that have ORIGIN_CORE as their origin.
+ * This effectively disables ORIGIN_USER modules. (T185303)
+ * See also: OutputPage::disallowUserJs()
*/
class ResourceLoaderStartUpModule extends ResourceLoaderModule {
* Optimize the dependency tree in $this->modules.
*
* The optimization basically works like this:
- * Given we have module A with the dependencies B and C
- * and module B with the dependency C.
- * Now we don't have to tell the client to explicitly fetch module
- * C as that's already included in module B.
+ * Given we have module A with the dependencies B and C
+ * and module B with the dependency C.
+ * Now we don't have to tell the client to explicitly fetch module
+ * C as that's already included in module B.
*
* This way we can reasonably reduce the amount of module registration
* data send to the client.
// Future developers: Use WebRequest::getRawVal() instead getVal().
// The getVal() method performs slow Language+UTF logic. (f303bb9360)
$target = $context->getRequest()->getRawVal( 'target', 'desktop' );
+ $safemode = $context->getRequest()->getRawVal( 'safemode' ) === '1';
// Bypass target filter if this request is Special:JavaScriptTest.
// To prevent misuse in production, this is only allowed if testing is enabled server-side.
$byPassTargetFilter = $this->getConfig()->get( 'EnableJavaScriptTest' ) && $target === 'test';
foreach ( $resourceLoader->getModuleNames() as $name ) {
$module = $resourceLoader->getModule( $name );
$moduleTargets = $module->getTargets();
- if ( !$byPassTargetFilter && !in_array( $target, $moduleTargets ) ) {
+ if (
+ ( !$byPassTargetFilter && !in_array( $target, $moduleTargets ) )
+ || ( $safemode && $module->getOrigin() > ResourceLoaderModule::ORIGIN_CORE_INDIVIDUAL )
+ ) {
continue;
}